diff options
Diffstat (limited to 'gnu/packages/patches')
116 files changed, 5094 insertions, 3431 deletions
diff --git a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch index aa253e135f..7bb5d77dba 100644 --- a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch +++ b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch @@ -5,9 +5,6 @@ Not applying the first patch (apparently) leads to miscompiled firmware, and loading it fails with a "Target is unresponsive" message from the 'ath9k_htc' module. -The final hunk, applied to 'gas/config/tc-xtensa.c', is copied from the -upstream file 'local/patches/binutils-2.27_fixup.patch'. - From dbca73446265ce01b8e11462c3346b25953e3399 Mon Sep 17 00:00:00 2001 From: Sujith Manoharan <c_manoha@qca.qualcomm.com> Date: Mon, 7 Jan 2013 15:59:53 +0530 @@ -28969,20 +28966,3 @@ index 30f4f41..fe9b051 100644 #define XCHAL_MAX_INSTRUCTION_SIZE 3 -- 1.8.1 - -diff --git a/gas/config/tc-xtensa.c b/gas/config/tc-xtensa.c -index d062044..ca261ae 100644 ---- a/gas/config/tc-xtensa.c -+++ b/gas/config/tc-xtensa.c -@@ -2228,7 +2228,7 @@ xg_reverse_shift_count (char **cnt_argp) - cnt_arg = *cnt_argp; - - /* replace the argument with "31-(argument)" */ -- new_arg = concat ("31-(", cnt_argp, ")", (char *) NULL); -+ new_arg = concat ("31-(", cnt_arg, ")", (char *) NULL); - - free (cnt_arg); - *cnt_argp = new_arg; --- -2.10.1 - diff --git a/gnu/packages/patches/bcftools-regidx-unsigned-char.patch b/gnu/packages/patches/bcftools-regidx-unsigned-char.patch new file mode 100644 index 0000000000..af5bc160f5 --- /dev/null +++ b/gnu/packages/patches/bcftools-regidx-unsigned-char.patch @@ -0,0 +1,16 @@ +Description: Fix test-regidx argument parsing on archs with unsigned char + On architectures where char is unsigned "c >= 0" was always true. +Author: Adrian Bunk <bunk@debian.org> +Bug-Debian: https://bugs.debian.org/865060 + +--- a/test/test-regidx.c ++++ b/test/test-regidx.c +@@ -336,7 +336,7 @@ + {"seed",1,0,'s'}, + {0,0,0,0} + }; +- char c; ++ int c; + int seed = (int)time(NULL); + while ((c = getopt_long(argc, argv, "hvs:",loptions,NULL)) >= 0) + { diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch deleted file mode 100644 index 08d3a79749..0000000000 --- a/gnu/packages/patches/binutils-mips-bash-bug.patch +++ /dev/null @@ -1,22 +0,0 @@ -Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the -"x" case in: - - case x"$EMULATION_NAME" in x) ;; *) ;; esac - -when 'EMULATION_NAME' is undefined. Bash 4.3.30(1)-release doesn't have this -problem. Work around it. - -This Bash bug was fixed -in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>. - ---- a/ld/emulparams/elf32bmipn32-defs.sh -+++ b/ld/emulparams/elf32bmipn32-defs.sh -@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips" - TEMPLATE_NAME=elf32 - EXTRA_EM_FILE=mipself - --case x"$EMULATION_NAME" in -+case "x$EMULATION_NAME" in - xelf32*n32*) ELFSIZE=32 ;; - xelf64*) ELFSIZE=64 ;; - x) ;; diff --git a/gnu/packages/patches/catdoc-CVE-2017-11110.patch b/gnu/packages/patches/catdoc-CVE-2017-11110.patch new file mode 100644 index 0000000000..71c44f60fb --- /dev/null +++ b/gnu/packages/patches/catdoc-CVE-2017-11110.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-11110: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110 +https://bugzilla.redhat.com/show_bug.cgi?id=1468471 +https://security-tracker.debian.org/tracker/CVE-2017-11110 + +Patch copied from openSUSE: + +https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=1 + +From: Andreas Stieger <astieger@suse.com> +Date: Mon, 10 Jul 2017 15:37:58 +0000 +References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=1047877 + +All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <4. + +--- + src/ole.c | 5 +++++ + 1 file changed, 5 insertions(+) + +Index: catdoc-0.95/src/ole.c +=================================================================== +--- catdoc-0.95.orig/src/ole.c 2016-05-25 06:37:12.000000000 +0200 ++++ catdoc-0.95/src/ole.c 2017-07-10 17:42:33.578308107 +0200 +@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si + return NULL; + } + sectorSize = 1<<getshort(oleBuf,0x1e); ++ /* CVE-2017-11110) */ ++ if (sectorSize < 4) { ++ fprintf(stderr,"sectorSize < 4 not supported\n"); ++ return NULL; ++ } + shortSectorSize=1<<getshort(oleBuf,0x20); + + /* Read BBD into memory */ +@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si + } + + fseek(newfile, 512+mblock*sectorSize, SEEK_SET); +- if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, ++ if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >= 4 for CVE-2017-11110 */ + 1, sectorSize, newfile) != sectorSize) { + fprintf(stderr, "Error read MSAT!\n"); + ole_finish(); diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch new file mode 100644 index 0000000000..1d46ad50d9 --- /dev/null +++ b/gnu/packages/patches/chicken-CVE-2017-11343.patch @@ -0,0 +1,57 @@ +Fix CVE-2017-11343: + +https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343 + +Patch copied from upstream mailing list: + +http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt + +From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001 +From: Peter Bex <address@hidden> +Date: Fri, 30 Jun 2017 15:39:45 +0200 +Subject: [PATCH 2/2] Initialize symbol table after setting up randomization + +Otherwise, the symbol table wouldn't be correctly randomized. +--- + NEWS | 3 +++ + runtime.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +#diff --git a/NEWS b/NEWS +#index f4b0e041..6588b30e 100644 +#--- a/NEWS +#+++ b/NEWS +#@@ -96,6 +96,9 @@ +# buffer overrun and/or segfault (thanks to Lemonboy). +# - CVE-2017-9334: `length' no longer crashes on improper lists (fixes +# #1375, thanks to "megane"). +#+ - The randomization factor of the symbol table was set before +#+ the random seed was set, causing it to have a fixed value on many +#+ platforms. +# +# - Core Libraries +# - Unit "posix": If file-lock, file-lock/blocking or file-unlock are +diff --git a/runtime.c b/runtime.c +index 81c54dd2..a4580abc 100644 +--- a/runtime.c ++++ b/runtime.c +@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) + C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD; + C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD; + memset(signal_mapping_table, 0, sizeof(int) * NSIG); +- initialize_symbol_table(); + C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable"; + error_location = C_SCHEME_FALSE; + C_pre_gc_hook = NULL; +@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) + callback_continuation_level = 0; + gc_ms = 0; + (void)C_randomize(C_fix(time(NULL))); ++ initialize_symbol_table(); + + if (profiling) { + #ifndef C_NONUNIX +-- +2.11.0 + diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch index 0be2cef2b8..e3a0ef28eb 100644 --- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch +++ b/gnu/packages/patches/coreutils-cut-huge-range-test.patch @@ -1,22 +1,33 @@ This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our -the build environment chroot, as reported at <https://bugs.gnu.org/26253>. -It is a followup to this upstream patch: +the build environment chroot, as reported at <https://bugs.gnu.org/26253>, +and now on x86_64-linux-gnu as well. It is a variant of this upstream patch: - commit 28803c8a3144d5d4363cdbd148bbe067af1a67c2 - Author: Pádraig Brady <P@draigBrady.com> - Date: Fri Mar 3 00:25:54 2017 -0800 + commit f5422009389678680dba9ff4ecb7d33632ee3383 + Author: Ludovic Courtès <ludo@gnu.org> + Date: Mon Mar 27 20:34:39 2017 -0700 - tests: avoid a spurious failure on older debian + tests: avoid false ulimit failure on some systems + + * tests/misc/cut-huge-range.sh: On some systems returns_ may + use more memory, so incorporate that in the determination + of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12, + and x86_64 with bash-4.2.37. + Fixes http://bugs.gnu.org/26253 ... which appeared to be insufficient. +diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh +index 6b3c5b6ed..55b7b640e 100755 --- a/tests/misc/cut-huge-range.sh +++ b/tests/misc/cut-huge-range.sh -@@ -22,6 +22,7 @@ getlimits_ +@@ -20,9 +20,9 @@ + print_ver_ cut + getlimits_ - vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ +-vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ ++vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \ || skip_ "this shell lacks ulimit support" -+vm=$(($vm + $(getconf PAGESIZE))) # avoid spurious failures + vm=$(($vm + 1000)) # avoid spurious failures # sed script to subtract one from the input. # Each input line should consist of a positive decimal number. diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch deleted file mode 100644 index 3f0d35c33e..0000000000 --- a/gnu/packages/patches/coreutils-fix-cross-compilation.patch +++ /dev/null @@ -1,15 +0,0 @@ -Coreutils fails to cross compile for other platforms because cu_install_program -is not being evaluated properly. This patch fixes it. -See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html> ---- a/Makefile.in -+++ b/Makefile.in -@@ -5023,7 +5023,7 @@ pr = progs-readme - @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall - - # Use the just-built 'ginstall', when not cross-compiling. --@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@ -+@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@ - info_TEXINFOS = doc/coreutils.texi - doc_coreutils_TEXINFOS = \ - doc/perm.texi \ - diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch new file mode 100644 index 0000000000..4b8ff65304 --- /dev/null +++ b/gnu/packages/patches/curl-bounds-check.patch @@ -0,0 +1,19 @@ +Fix test failure on some 32-bit platforms. + +Patch copied from upstream source repository: + +https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63 + +diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c +index b9dedc989e..85c5e79a7e 100644 +--- a/src/tool_paramhlp.c ++++ b/src/tool_paramhlp.c +@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) + num = strtod(str, &endptr); + if(errno == ERANGE) + return PARAM_NUMBER_TOO_LARGE; +- if((long)num > max) { ++ if(num > max) { + /* too large */ + return PARAM_NUMBER_TOO_LARGE; + } diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-2017-12836.patch new file mode 100644 index 0000000000..507ab0f7d0 --- /dev/null +++ b/gnu/packages/patches/cvs-2017-12836.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-12836: + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836 +https://security-tracker.debian.org/tracker/CVE-2017-12836 + +Patch adpated from Debian (comments and changelog annotations removed): + +https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094 + +From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001 +From: mirabilos <m@mirbsd.org> +Date: Sat, 12 Aug 2017 03:17:18 +0200 +Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch + +--- + debian/changelog | 6 ++++++ + src/rsh-client.c | 10 ++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/rsh-client.c b/src/rsh-client.c +index fe0cfc4..1fc860d 100644 +--- a/src/rsh-client.c ++++ b/src/rsh-client.c +@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, + rsh_argv[i++] = argvport; + } + ++ /* Only non-option arguments from here. (CVE-2017-12836) */ ++ rsh_argv[i++] = "--"; ++ + rsh_argv[i++] = root->hostname; + rsh_argv[i++] = cvs_server; + if (readonlyfs) +@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, + *p++ = argvport; + } + ++ *p++ = "--"; ++ + *p++ = root->hostname; + *p++ = command; + *p++ = NULL; +-- +cgit v0.12 + diff --git a/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch new file mode 100644 index 0000000000..a03e0c5481 --- /dev/null +++ b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch @@ -0,0 +1,41 @@ +From 5676766be5e845ccb6cdf46cfa8722497f151752 Mon Sep 17 00:00:00 2001 +From: Jeremy Bicha <jbicha@ubuntu.com> +Date: Fri, 16 Jun 2017 15:11:37 -0400 +Subject: Use 'ref' keyword for iter, requires vala 0.36 + + +diff --git a/deja-dup/widgets/ConfigList.vala b/deja-dup/widgets/ConfigList.vala +index 15de2d6..02cd81a 100644 +--- a/deja-dup/widgets/ConfigList.vala ++++ b/deja-dup/widgets/ConfigList.vala +@@ -333,7 +333,7 @@ public class ConfigList : ConfigWidget + + model.row_deleted.disconnect(write_to_config); + foreach (Gtk.TreeIter iter in iters) { +- (model as Gtk.ListStore).remove(iter); ++ (model as Gtk.ListStore).remove(ref iter); + } + model.row_deleted.connect(write_to_config); + +diff --git a/deja-dup/widgets/ConfigLocation.vala b/deja-dup/widgets/ConfigLocation.vala +index 869e2a8..d21c556 100644 +--- a/deja-dup/widgets/ConfigLocation.vala ++++ b/deja-dup/widgets/ConfigLocation.vala +@@ -397,12 +397,12 @@ public class ConfigLocation : ConfigWidget + if (uuid == saved_uuid) + return; + +- store.remove(iter); ++ store.remove(ref iter); + + if (--num_volumes == 0) { + Gtk.TreeIter sep_iter; + if (store.get_iter_from_string(out sep_iter, index_vol_sep.to_string())) { +- store.remove(sep_iter); ++ store.remove(ref sep_iter); + index_vol_sep = -2; + } + } +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch new file mode 100644 index 0000000000..e7a96a2ac0 --- /dev/null +++ b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch @@ -0,0 +1,46 @@ +Fix a test failure on 32-bit platforms. + +Patch copied from upstream source repository: + +https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=9e31a5696c4b699bf000a07b86601c1fb91c0493 + +diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c +index 00f3a40..931a839 100644 +--- a/lib/support/mkquota.c ++++ b/lib/support/mkquota.c +@@ -50,11 +50,13 @@ static void print_dquot(const char *desc, struct dquot *dq) + { + if (desc) + fprintf(stderr, "%s: ", desc); +- fprintf(stderr, "%u %ld:%ld:%ld %ld:%ld:%ld\n", +- dq->dq_id, dq->dq_dqb.dqb_curspace, +- dq->dq_dqb.dqb_bsoftlimit, dq->dq_dqb.dqb_bhardlimit, +- dq->dq_dqb.dqb_curinodes, +- dq->dq_dqb.dqb_isoftlimit, dq->dq_dqb.dqb_ihardlimit); ++ fprintf(stderr, "%u %lld:%lld:%lld %lld:%lld:%lld\n", ++ dq->dq_id, (long long) dq->dq_dqb.dqb_curspace, ++ (long long) dq->dq_dqb.dqb_bsoftlimit, ++ (long long) dq->dq_dqb.dqb_bhardlimit, ++ (long long) dq->dq_dqb.dqb_curinodes, ++ (long long) dq->dq_dqb.dqb_isoftlimit, ++ (long long) dq->dq_dqb.dqb_ihardlimit); + } + #else + static void print_dquot(const char *desc EXT2FS_ATTR((unused)), +@@ -524,11 +526,11 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data) + dq->dq_dqb.dqb_curinodes != dquot->dq_dqb.dqb_curinodes) { + scan_data->usage_is_inconsistent = 1; + fprintf(stderr, "[QUOTA WARNING] Usage inconsistent for ID %u:" +- "actual (%ld, %ld) != expected (%ld, %ld)\n", +- dq->dq_id, dq->dq_dqb.dqb_curspace, +- dq->dq_dqb.dqb_curinodes, +- dquot->dq_dqb.dqb_curspace, +- dquot->dq_dqb.dqb_curinodes); ++ "actual (%lld, %lld) != expected (%lld, %lld)\n", ++ dq->dq_id, (long long) dq->dq_dqb.dqb_curspace, ++ (long long) dq->dq_dqb.dqb_curinodes, ++ (long long) dquot->dq_dqb.dqb_curspace, ++ (long long) dquot->dq_dqb.dqb_curinodes); + } + + if (scan_data->update_limits) { diff --git a/gnu/packages/patches/erlang-man-path.patch b/gnu/packages/patches/erlang-man-path.patch new file mode 100644 index 0000000000..68fc9f45b4 --- /dev/null +++ b/gnu/packages/patches/erlang-man-path.patch @@ -0,0 +1,24 @@ +Patch originally from https://sources.debian.net/patches/erlang/1:20.0.1%2Bdfsg-2/man.patch/ +by Francois-Denis Gonthier <neumann@lostwebsite.net>. + +Patch description rewritten for Guix. + +This patch allows access to the man page with the 'erl -man' command +(Erlang manual pages are placed to /gnu/store/..erlang../share/man/ hierarchy +as other man pages.) + +--- a/erts/etc/common/erlexec.c ++++ b/erts/etc/common/erlexec.c +@@ -709,8 +709,10 @@ + error("-man not supported on Windows"); + #else + argv[i] = "man"; +- erts_snprintf(tmpStr, sizeof(tmpStr), "%s/man", rootdir); +- set_env("MANPATH", tmpStr); ++ /* ++ * Conform to erlang-manpages content. ++ */ ++ putenv(strsave("MANSECT=1:3:5:7")); + execvp("man", argv+i); + error("Could not execute the 'man' command."); + #endif diff --git a/gnu/packages/patches/eudev-conflicting-declaration.patch b/gnu/packages/patches/eudev-conflicting-declaration.patch deleted file mode 100644 index f5399e20d3..0000000000 --- a/gnu/packages/patches/eudev-conflicting-declaration.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix build failure due to conflicting declaration of -keyboard_lookup_key() in gperf-3.1: - -https://bugs.gentoo.org/show_bug.cgi?id=604864 - -Patch copied from upstream source repository: - -https://github.com/gentoo/eudev/commit/5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 - -From 5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 Mon Sep 17 00:00:00 2001 -From: "Anthony G. Basile" <blueness@gentoo.org> -Date: Thu, 5 Jan 2017 16:21:17 -0500 -Subject: [PATCH] src/udev/udev-builtin-keyboard.c: fix build with gperf 3.1 - -Signed-off-by: Anthony G. Basile <blueness@gentoo.org> ---- - src/udev/udev-builtin-keyboard.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c -index 73171c3..fad3520 100644 ---- a/src/udev/udev-builtin-keyboard.c -+++ b/src/udev/udev-builtin-keyboard.c -@@ -28,7 +28,6 @@ - - #include "udev.h" - --static const struct key *keyboard_lookup_key(const char *str, unsigned len); - #include "keyboard-keys-from-name.h" - #include "keyboard-keys-to-name.h" - diff --git a/gnu/packages/patches/evince-CVE-2017-1000083.patch b/gnu/packages/patches/evince-CVE-2017-1000083.patch deleted file mode 100644 index 2ca062f337..0000000000 --- a/gnu/packages/patches/evince-CVE-2017-1000083.patch +++ /dev/null @@ -1,109 +0,0 @@ -Fix CVE-2017-1000083. - -http://seclists.org/oss-sec/2017/q3/128 -https://bugzilla.gnome.org/show_bug.cgi?id=784630 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee - -From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001 -From: Bastien Nocera <hadess@hadess.net> -Date: Thu, 6 Jul 2017 20:02:00 +0200 -Subject: comics: Remove support for tar and tar-like commands - -diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c -index 4c74731..641d785 100644 ---- a/backend/comics/comics-document.c -+++ b/backend/comics/comics-document.c -@@ -56,8 +56,7 @@ typedef enum - RARLABS, - GNAUNRAR, - UNZIP, -- P7ZIP, -- TAR -+ P7ZIP - } ComicBookDecompressType; - - typedef struct _ComicsDocumentClass ComicsDocumentClass; -@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = { - - /* 7zip */ - {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z}, -- -- /* tar */ -- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET} - }; - - static GSList* get_supported_image_extensions (void); -@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = GNAUNRAR; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- - } else if (g_content_type_is_a (mime_type, "application/x-cbz") || - g_content_type_is_a (mime_type, "application/zip")) { - /* InfoZIP's unzip program */ -@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = P7ZIP; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } - - } else if (g_content_type_is_a (mime_type, "application/x-cb7") || - g_content_type_is_a (mime_type, "application/x-7z-compressed")) { -@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = P7ZIP; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- } else if (g_content_type_is_a (mime_type, "application/x-cbt") || -- g_content_type_is_a (mime_type, "application/x-tar")) { -- /* tar utility (Tape ARchive) */ -- comics_document->selected_command = -- g_find_program_in_path ("tar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } - } else { - g_set_error (error, - EV_DOCUMENT_ERROR, -diff --git a/configure.ac b/configure.ac -index 9e9f831..7eb0f1f 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES) - AC_SUBST(APPDATA_TIFF_MIME_TYPES) - AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES) - if test "x$enable_comics" = "xyes"; then -- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt" -+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;" - APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n <mimetype>/g') - if test -z "$EVINCE_MIME_TYPES"; then - EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}" --- -cgit v0.12 - diff --git a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch deleted file mode 100644 index b489401fea..0000000000 --- a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch +++ /dev/null @@ -1,35 +0,0 @@ -Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE. - -Discussion: - -https://sourceforge.net/p/expat/bugs/539/ - -Patch copied from upstream source repository: - -https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/ - -From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping <sebastian@pipping.org> -Date: Sun, 17 Jul 2016 20:22:29 +0200 -Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE) - -Thanks to Andy Wang and Karl Waclawek! ---- - expat/lib/xmlparse.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c -index b308e67..0d5dd7b 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser, - &fromPtr, rawNameEnd, - (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); - convLen = (int)(toPtr - (XML_Char *)tag->buf); -- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { -+ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { - tag->name.strLen = convLen; - break; - } --- -2.10.0 diff --git a/gnu/packages/patches/fabric-tests.patch b/gnu/packages/patches/fabric-tests.patch deleted file mode 100644 index 4a0ca9f8f1..0000000000 --- a/gnu/packages/patches/fabric-tests.patch +++ /dev/null @@ -1,15 +0,0 @@ -The `fab` excecutable doesn't exist during the test phase as it is created -dynamically during installation. Refer to the equivalent Python module -directly. - ---- a/tests/test_utils.py -+++ b/tests/test_utils.py -@@ -93,7 +93,7 @@ - # perform when they are allowed to bubble all the way to the top. So, we - # invoke a subprocess and look at its stderr instead. - with quiet(): -- result = local("fab -f tests/support/aborts.py kaboom", capture=True) -+ result = local("python -m fabric -f tests/support/aborts.py kaboom", capture=True) - # When error in #1318 is present, this has an extra "It burns!" at end of - # stderr string. - eq_(result.stderr, "Fatal error: It burns!\n\nAborting.")
\ No newline at end of file diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch new file mode 100644 index 0000000000..5a37f4f1f9 --- /dev/null +++ b/gnu/packages/patches/findutils-gnulib-multi-core.patch @@ -0,0 +1,294 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/tests/test-lock.c b/tests/test-lock.c +index a992f64..fb18dee 100644 +--- a/tests/test-lock.c ++++ b/tests/test-lock.c +@@ -1,5 +1,5 @@ + /* Test of locking in multithreaded situations. +- Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc. ++ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -50,6 +50,28 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a semaphore or a lock is used to protect ++ these variables. If set to 1, 'volatile' is used; this is theoretically ++ equivalent but can lead to much slower execution (e.g. 30x slower total ++ run time on a 40-core machine), because 'volatile' does not imply any ++ synchronization/communication between different CPUs. */ ++#define USE_VOLATILE 0 ++ ++#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H ++/* Whether to use a semaphore to communicate information between threads. ++ If set to 0, a lock is used. If set to 1, a semaphore is used. ++ Uncomment this to reduce the dependencies of this test. */ ++# define USE_SEMAPHORE 1 ++/* Mac OS X provides only named semaphores (sem_open); its facility for ++ unnamed semaphores (sem_init) does not work. */ ++# if defined __APPLE__ && defined __MACH__ ++# define USE_NAMED_SEMAPHORE 1 ++# else ++# define USE_UNNAMED_SEMAPHORE 1 ++# endif ++#endif ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -90,6 +112,12 @@ + + #include "glthread/thread.h" + #include "glthread/yield.h" ++#if USE_SEMAPHORE ++# include <errno.h> ++# include <fcntl.h> ++# include <semaphore.h> ++# include <unistd.h> ++#endif + + #if ENABLE_DEBUGGING + # define dbgprintf printf +@@ -103,6 +131,132 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#elif USE_SEMAPHORE ++/* This atomic_int implementation can only support the values 0 and 1. ++ It is initially 0 and can be set to 1 only once. */ ++# if USE_UNNAMED_SEMAPHORE ++struct atomic_int { ++ sem_t semaphore; ++}; ++#define atomic_int_semaphore(ai) (&(ai)->semaphore) ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ sem_init (&ai->semaphore, 0, 0); ++} ++# endif ++# if USE_NAMED_SEMAPHORE ++struct atomic_int { ++ sem_t *semaphore; ++}; ++#define atomic_int_semaphore(ai) ((ai)->semaphore) ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ sem_t *s; ++ unsigned int count; ++ for (count = 0; ; count++) ++ { ++ char name[80]; ++ /* Use getpid() in the name, so that different processes running at the ++ same time will not interfere. Use ai in the name, so that different ++ atomic_int in the same process will not interfere. Use a count in ++ the name, so that even in the (unlikely) case that a semaphore with ++ the specified name already exists, we can try a different name. */ ++ sprintf (name, "test-lock-%lu-%p-%u", ++ (unsigned long) getpid (), ai, count); ++ s = sem_open (name, O_CREAT | O_EXCL, 0600, 0); ++ if (s == SEM_FAILED) ++ { ++ if (errno == EEXIST) ++ /* Retry with a different name. */ ++ continue; ++ else ++ { ++ perror ("sem_open failed"); ++ abort (); ++ } ++ } ++ else ++ { ++ /* Try not to leave a semaphore hanging around on the file system ++ eternally, if we can avoid it. */ ++ sem_unlink (name); ++ break; ++ } ++ } ++ ai->semaphore = s; ++} ++# endif ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ if (sem_trywait (atomic_int_semaphore (ai)) == 0) ++ { ++ if (sem_post (atomic_int_semaphore (ai))) ++ abort (); ++ return 1; ++ } ++ else if (errno == EAGAIN) ++ return 0; ++ else ++ abort (); ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ if (new_value == 0) ++ /* It's already initialized with 0. */ ++ return; ++ /* To set the value 1: */ ++ if (sem_post (atomic_int_semaphore (ai))) ++ abort (); ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +354,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +365,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +439,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +451,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +542,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +553,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch deleted file mode 100644 index 8ebe33bc6c..0000000000 --- a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch +++ /dev/null @@ -1,82 +0,0 @@ -The first patch is copied from the upstream source repository: - -https://cgit.freedesktop.org/fontconfig/commit/?id=1ab5258f7c2abfafcd63a760ca08bf93591912da - -The second patch is adapted from a message to from the OpenEmbedded mailing list: - -http://lists.openembedded.org/pipermail/openembedded-core/2016-December/130213.html - -From 1ab5258f7c2abfafcd63a760ca08bf93591912da Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Wed, 14 Dec 2016 16:11:05 -0800 -Subject: Avoid conflicts with integer width macros from TS 18661-1:2014 - -glibc 2.25+ has now defined these macros in <limits.h> -https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a - -Create an alias for FC_CHAR_WIDTH for ABI compatibility - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h -index 5c72b22..070a557 100644 ---- a/fontconfig/fontconfig.h -+++ b/fontconfig/fontconfig.h -@@ -128,7 +128,8 @@ typedef int FcBool; - #define FC_USER_CACHE_FILE ".fonts.cache-" FC_CACHE_VERSION - - /* Adjust outline rasterizer */ --#define FC_CHAR_WIDTH "charwidth" /* Int */ -+#define FC_CHARWIDTH "charwidth" /* Int */ -+#define FC_CHAR_WIDTH FC_CHARWIDTH - #define FC_CHAR_HEIGHT "charheight"/* Int */ - #define FC_MATRIX "matrix" /* FcMatrix */ - -diff --git a/src/fcobjs.h b/src/fcobjs.h -index 1fc4f65..d27864b 100644 ---- a/src/fcobjs.h -+++ b/src/fcobjs.h -@@ -51,7 +51,7 @@ FC_OBJECT (DPI, FcTypeDouble, NULL) - FC_OBJECT (RGBA, FcTypeInteger, NULL) - FC_OBJECT (SCALE, FcTypeDouble, NULL) - FC_OBJECT (MINSPACE, FcTypeBool, NULL) --FC_OBJECT (CHAR_WIDTH, FcTypeInteger, NULL) -+FC_OBJECT (CHARWIDTH, FcTypeInteger, NULL) - FC_OBJECT (CHAR_HEIGHT, FcTypeInteger, NULL) - FC_OBJECT (MATRIX, FcTypeMatrix, NULL) - FC_OBJECT (CHARSET, FcTypeCharSet, FcCompareCharSet) --- -cgit v0.10.2 - -From 20cddc824c6501c2082cac41b162c34cd5fcc530 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem at gmail.com> -Date: Sun, 11 Dec 2016 14:32:00 -0800 -Subject: [PATCH] Avoid conflicts with integer width macros from TS - 18661-1:2014 - -glibc 2.25+ has now defined these macros in <limits.h> -https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a - -Signed-off-by: Khem Raj <raj.khem at gmail.com> ---- -Upstream-Status: Submitted - - fontconfig/fontconfig.h | 2 +- - src/fcobjs.h | 2 +- - src/fcobjshash.gperf | 2 +- - src/fcobjshash.h | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -Index: fontconfig-2.12.1/src/fcobjshash.h -=================================================================== ---- fontconfig-2.12.1.orig/src/fcobjshash.h -+++ fontconfig-2.12.1/src/fcobjshash.h -@@ -284,7 +284,7 @@ FcObjectTypeLookup (register const char - {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str43,FC_CHARSET_OBJECT}, - {-1}, - #line 47 "fcobjshash.gperf" -- {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHAR_WIDTH_OBJECT}, -+ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHARWIDTH_OBJECT}, - #line 48 "fcobjshash.gperf" - {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str46,FC_CHAR_HEIGHT_OBJECT}, - #line 55 "fcobjshash.gperf" diff --git a/gnu/packages/patches/fontconfig-path-max.patch b/gnu/packages/patches/fontconfig-path-max.patch deleted file mode 100644 index e12f60ef00..0000000000 --- a/gnu/packages/patches/fontconfig-path-max.patch +++ /dev/null @@ -1,124 +0,0 @@ -This patch fix the build on GNU/Hurd, due to PATH_MAX isn't defined. - -The patch was adapted from upstream source repository: -'<https://cgit.freedesktop.org/fontconfig/commit/?id=abdb6d658e1a16410dd1c964e365a3ebd5039e7c>' -Commit: abdb6d658e1a16410dd1c964e365a3ebd5039e7c - ---- - src/fcdefault.c | 34 +++++++++++++++++++++++++++------- - src/fcint.h | 6 ++++++ - src/fcstat.c | 12 +++++++++++- - 3 files changed, 44 insertions(+), 8 deletions(-) - -diff --git a/src/fcdefault.c b/src/fcdefault.c -index 6647a8f..5afd7ec 100644 ---- a/src/fcdefault.c -+++ b/src/fcdefault.c -@@ -148,17 +148,34 @@ retry: - prgname = FcStrdup (""); - #else - # if defined (HAVE_GETEXECNAME) -- const char *p = getexecname (); -+ char *p = FcStrdup(getexecname ()); - # elif defined (HAVE_READLINK) -- char buf[PATH_MAX + 1]; -- int len; -+ size_t size = FC_PATH_MAX; - char *p = NULL; - -- len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1); -- if (len != -1) -+ while (1) - { -- buf[len] = '\0'; -- p = buf; -+ char *buf = malloc (size); -+ ssize_t len; -+ -+ if (!buf) -+ break; -+ -+ len = readlink ("/proc/self/exe", buf, size - 1); -+ if (len < 0) -+ { -+ free (buf); -+ break; -+ } -+ if (len < size - 1) -+ { -+ buf[len] = 0; -+ p = buf; -+ break; -+ } -+ -+ free (buf); -+ size *= 2; - } - # else - char *p = NULL; -@@ -176,6 +193,9 @@ retry: - - if (!prgname) - prgname = FcStrdup (""); -+ -+ if (p) -+ free (p); - #endif - - if (!fc_atomic_ptr_cmpexch (&default_prgname, NULL, prgname)) { -diff --git a/src/fcint.h b/src/fcint.h -index ac911ad..dad34c5 100644 ---- a/src/fcint.h -+++ b/src/fcint.h -@@ -70,6 +70,12 @@ extern pfnSHGetFolderPathA pSHGetFolderPathA; - # define FC_DIR_SEPARATOR_S "/" - #endif - -+#ifdef PATH_MAX -+#define FC_PATH_MAX PATH_MAX -+#else -+#define FC_PATH_MAX 128 -+#endif -+ - #if __GNUC__ >= 4 - #define FC_UNUSED __attribute__((unused)) - #else -diff --git a/src/fcstat.c b/src/fcstat.c -index 1734fa4..f6e1aaa 100644 ---- a/src/fcstat.c -+++ b/src/fcstat.c -@@ -278,8 +278,13 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum) - { - #endif - struct stat statb; -- char f[PATH_MAX + 1]; -+ char *f = malloc (len + 1 + dlen + 1); - -+ if (!f) -+ { -+ ret = -1; -+ goto bail; -+ } - memcpy (f, dir, len); - f[len] = FC_DIR_SEPARATOR; - memcpy (&f[len + 1], files[n]->d_name, dlen); -@@ -287,11 +292,16 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum) - if (lstat (f, &statb) < 0) - { - ret = -1; -+ free (f); - goto bail; - } - if (S_ISDIR (statb.st_mode)) -+ { -+ free (f); - goto bail; -+ } - -+ free (f); - dtype = statb.st_mode; - #ifdef HAVE_STRUCT_DIRENT_D_TYPE - } --- -2.11.0 - diff --git a/gnu/packages/patches/freetype-CVE-2017-8105.patch b/gnu/packages/patches/freetype-CVE-2017-8105.patch deleted file mode 100644 index 1891c4ab5f..0000000000 --- a/gnu/packages/patches/freetype-CVE-2017-8105.patch +++ /dev/null @@ -1,56 +0,0 @@ -Fix CVE-2017-8105: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105 -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 - -Patch copied from upstream source repository: - -https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 - -From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Fri, 24 Mar 2017 09:15:10 +0100 -Subject: [PATCH] [psaux] Better protect `flex' handling. - -Reported as - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 - -* src/psaux/t1decode.c (t1_decoder_parse_charstrings) -<callothersubr>: Since there is not a single flex operator but a -series of subroutine calls, malformed fonts can call arbitrary other -operators after the start of a flex, possibly adding points. For -this reason we have to check the available number of points before -inserting a point. ---- - ChangeLog | 15 +++++++++++++++ - src/psaux/t1decode.c | 9 +++++++++ - 2 files changed, 24 insertions(+) - -diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c -index af7b465e..7dd45135 100644 ---- a/src/psaux/t1decode.c -+++ b/src/psaux/t1decode.c -@@ -780,10 +780,19 @@ - /* point without adding any point to the outline */ - idx = decoder->num_flex_vectors++; - if ( idx > 0 && idx < 7 ) -+ { -+ /* in malformed fonts it is possible to have other */ -+ /* opcodes in the middle of a flex (which don't */ -+ /* increase `num_flex_vectors'); we thus have to */ -+ /* check whether we can add a point */ -+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) ) -+ goto Syntax_Error; -+ - t1_builder_add_point( builder, - x, - y, - (FT_Byte)( idx == 3 || idx == 6 ) ); -+ } - } - break; - --- -2.12.2 - diff --git a/gnu/packages/patches/freetype-CVE-2017-8287.patch b/gnu/packages/patches/freetype-CVE-2017-8287.patch deleted file mode 100644 index d1145a87ee..0000000000 --- a/gnu/packages/patches/freetype-CVE-2017-8287.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fix CVE-2017-8287: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287 -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 - -Patch copied from upstream source repository: -https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0 - -From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Sun, 26 Mar 2017 08:32:09 +0200 -Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety - guard. - -Reported as - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 ---- - ChangeLog | 8 ++++++++ - src/psaux/psobjs.c | 8 ++++++++ - 2 files changed, 16 insertions(+) - -diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c -index d18e821a..0baf8368 100644 ---- a/src/psaux/psobjs.c -+++ b/src/psaux/psobjs.c -@@ -1718,6 +1718,14 @@ - first = outline->n_contours <= 1 - ? 0 : outline->contours[outline->n_contours - 2] + 1; - -+ /* in malformed fonts it can happen that a contour was started */ -+ /* but no points were added */ -+ if ( outline->n_contours && first == outline->n_points ) -+ { -+ outline->n_contours--; -+ return; -+ } -+ - /* We must not include the last point in the path if it */ - /* is located on the first point. */ - if ( outline->n_points > 1 ) --- -2.12.2 - diff --git a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch new file mode 100644 index 0000000000..74b10c4a44 --- /dev/null +++ b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch @@ -0,0 +1,20 @@ +Add missing include that triggers a build failure on PowerPC: + + ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’: + ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope + return signum == SIGSEGV && common_flags()->handle_segv; + ^ +From <https://patchwork.ozlabs.org/patch/725596/>. + +diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc +index c504168..59087b9 100644 +--- a/libsanitizer/asan/asan_linux.cc ++++ b/libsanitizer/asan/asan_linux.cc +@@ -29,6 +29,7 @@ + #include <dlfcn.h> + #include <fcntl.h> + #include <pthread.h> ++#include <signal.h> + #include <stdio.h> + #include <unistd.h> + #include <unwind.h> diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch new file mode 100644 index 0000000000..66034c5703 --- /dev/null +++ b/gnu/packages/patches/gd-CVE-2017-7890.patch @@ -0,0 +1,30 @@ +From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001 +From: LEPILLER Julien <julien@lepiller.eu> +Date: Thu, 3 Aug 2017 17:04:17 +0200 +Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory. + +The stack allocated color map buffers were not zeroed before usage, and +so undefined palette indexes could cause information leakage. + +This is CVE-2017-7890. +--- + src/gd_gif_in.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c +index 008d1ec..c195448 100644 +--- a/src/gd_gif_in.c ++++ b/src/gd_gif_in.c +@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) + + gdImagePtr im = 0; + ++ memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE); ++ memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE); ++ + if(!ReadOK(fd, buf, 6)) { + return 0; + } +-- +2.13.3 + diff --git a/gnu/packages/patches/gettext-gnulib-multi-core.patch b/gnu/packages/patches/gettext-gnulib-multi-core.patch new file mode 100644 index 0000000000..5ccdbe4ca1 --- /dev/null +++ b/gnu/packages/patches/gettext-gnulib-multi-core.patch @@ -0,0 +1,178 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c +index cb734b4e6..aa6de2739 100644 +--- a/gettext-tools/gnulib-tests/test-lock.c ++++ b/gettext-tools/gnulib-tests/test-lock.c +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -103,6 +110,51 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +252,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +263,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +337,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +349,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +440,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +451,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/gettext-multi-core.patch b/gnu/packages/patches/gettext-multi-core.patch new file mode 100644 index 0000000000..31a378cfd0 --- /dev/null +++ b/gnu/packages/patches/gettext-multi-core.patch @@ -0,0 +1,185 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext +by Bruno Haible <bruno@clisp.org>. + +diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c +index d279d1d60..51cec3d6b 100644 +--- a/gettext-runtime/tests/test-lock.c ++++ b/gettext-runtime/tests/test-lock.c +@@ -1,5 +1,5 @@ + /* Test of locking in multithreaded situations. +- Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc. ++ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void) + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -311,7 +363,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -321,7 +374,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -395,7 +448,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -406,7 +460,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -497,7 +551,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -507,7 +562,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch deleted file mode 100644 index 622266b176..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch +++ /dev/null @@ -1,85 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 - -From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 5 Mar 2016 14:56:03 -0800 -Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER - ---- - Resource/Init/gs_init.ps | 2 ++ - psi/zfile.c | 36 ++++++++++++++++++++---------------- - 2 files changed, 22 insertions(+), 16 deletions(-) - -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index fa33d88..99888ac 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2018,6 +2018,7 @@ readonly def - - /.locksafe { - .locksafe_userparams -+ systemdict /getenv {pop //false} put - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even -@@ -2036,6 +2037,7 @@ readonly def - %% - /.locksafeglobal { - .locksafe_userparams -+ systemdict /getenv {pop //false} put - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even -diff --git a/psi/zfile.c b/psi/zfile.c -index 320ecd5..0b9f299 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p) - - if (len < devlen) - return_error(e_rangecheck); /* not even room for device len */ -- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); -- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, -- len - devlen); -- if (code == ~(uint) 0) { /* all done */ -- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ -- return o_pop_estack; -- } else if (code > len) /* overran string */ -- return_error(e_rangecheck); -- else { -- push(1); -- ref_assign(op, pscratch); -- r_set_size(op, code + devlen); -- push_op_estack(file_continue); /* come again */ -- *++esp = pscratch[2]; /* proc */ -- return o_push_estack; -- } -+ -+ do { -+ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); -+ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, -+ len - devlen); -+ if (code == ~(uint) 0) { /* all done */ -+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ -+ return o_pop_estack; -+ } else if (code > len) /* overran string */ -+ return_error(e_rangecheck); -+ else if (iodev != iodev_default(imemory) -+ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) { -+ push(1); -+ ref_assign(op, pscratch); -+ r_set_size(op, code + devlen); -+ push_op_estack(file_continue); /* come again */ -+ *++esp = pscratch[2]; /* proc */ -+ return o_push_estack; -+ } -+ } while(1); - } - /* Cleanup procedure for enumerating files */ - static int --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch b/gnu/packages/patches/ghostscript-CVE-2015-3228.patch deleted file mode 100644 index c19fdb1d43..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch +++ /dev/null @@ -1,32 +0,0 @@ -The file names in the upstream patch below were modified to apply to GNU -ghostscript. - -From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Tue, 7 Jul 2015 16:57:41 +0100 -Subject: [PATCH] Bug 696041: sanity check for memory allocation. - -In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the -variable holding the actual number of bytes we allocate. - -No cluster differences ---- - gs/base/gsmalloc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/base/gsmalloc.c b/base/gsmalloc.c -index 624552d..cad79c2 100644 ---- a/base/gsmalloc.c -+++ b/base/gsmalloc.c -@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname) - } else { - uint added = size + sizeof(gs_malloc_block_t); - -- if (mmem->limit - added < mmem->used) -+ if (added <= size || mmem->limit - added < mmem->used) - set_msg("exceeded limit"); - else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0) - set_msg("failed"); --- -2.4.6 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch deleted file mode 100644 index 0a09f89016..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch +++ /dev/null @@ -1,185 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d - -From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Oct 2016 09:55:55 +0100 -Subject: [PATCH] Bug 697178: Add a file permissions callback - -For the rare occasions when the graphics library directly opens a file -(currently for reading), this allows us to apply any restrictions on -file access normally applied in the interpteter. ---- - base/gsicc_manage.c | 10 ++++++---- - base/gslibctx.c | 12 +++++++++++- - base/gslibctx.h | 7 +++++++ - psi/imain.c | 2 ++ - psi/int.mak | 2 +- - psi/zfile.c | 19 +++++++++++++++++++ - psi/zfile.h | 7 +++++++ - 7 files changed, 53 insertions(+), 6 deletions(-) - -diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c -index 931c2a6..e9c09c3 100644 ---- a/base/gsicc_manage.c -+++ b/base/gsicc_manage.c -@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc, - } - - /* First just try it like it is */ -- str = sfopen(pname, "rb", mem_gc); -- if (str != NULL) { -- *strp = str; -- return 0; -+ if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) { -+ str = sfopen(pname, "rb", mem_gc); -+ if (str != NULL) { -+ *strp = str; -+ return 0; -+ } - } - - /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */ -diff --git a/base/gslibctx.c b/base/gslibctx.c -index eaa0458..37ce1ca 100644 ---- a/base/gslibctx.c -+++ b/base/gslibctx.c -@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem ) - mem->gs_lib_ctx = NULL; - return -1; - } -- -+ pio->client_check_file_permission = NULL; - gp_get_realtime(pio->real_time_0); - - return 0; -@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem) - fflush(mem->gs_lib_ctx->fstderr); - /* else nothing to flush */ - } -+ -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ int code = 0; -+ if (mem->gs_lib_ctx->client_check_file_permission != NULL) { -+ code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission); -+ } -+ return code; -+} -diff --git a/base/gslibctx.h b/base/gslibctx.h -index 7a4e110..020e2d9 100644 ---- a/base/gslibctx.h -+++ b/base/gslibctx.h -@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server; - # define gs_font_dir_DEFINED - typedef struct gs_font_dir_s gs_font_dir; - #endif -+ -+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - typedef struct gs_lib_ctx_s - { - gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ -@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s - bool dict_auto_expand; /* ps dictionary: false level 1 true level 2 or 3 */ - /* A table of local copies of the IODevices */ - struct gx_io_device_s **io_device_table; -+ client_check_file_permission_t client_check_file_permission; - /* Define the default value of AccurateScreens that affects setscreen - and setcolorscreen. */ - bool screen_accurate_screens; -@@ -108,6 +112,9 @@ int - void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname, - int dir_namelen); - -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout) - #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr) - -diff --git a/psi/imain.c b/psi/imain.c -index 9a9bb5d..6874128 100644 ---- a/psi/imain.c -+++ b/psi/imain.c -@@ -57,6 +57,7 @@ - #include "ivmspace.h" - #include "idisp.h" /* for setting display device callback */ - #include "iplugin.h" -+#include "zfile.h" - - #ifdef PACIFY_VALGRIND - #include "valgrind.h" -@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst) - "the_gs_name_table"); - if (code < 0) - return code; -+ mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions; - } - code = obj_init(&minst->i_ctx_p, &idmem); /* requires name_init */ - if (code < 0) -diff --git a/psi/int.mak b/psi/int.mak -index 4654afc..bb30d51 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\ - $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\ - $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\ - $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\ -- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) -+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h) - $(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c - - #****** $(CCINT) interp.c -diff --git a/psi/zfile.c b/psi/zfile.c -index 2c6c958..2f27f82 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len, - return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup); - } - -+/* z_check_file_permissions: see zfile.h for explanation -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p; -+ gs_parsed_file_name_t pname; -+ const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting"; -+ int code = gs_parse_file_name(&pname, fname, len, imemory); -+ if (code < 0) -+ return code; -+ -+ if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0) -+ return e_invalidfileaccess; -+ -+ code = check_file_permissions(i_ctx_p, fname, len, permitgroup); -+ return code; -+} -+ - /* <name_string> <access_string> file <file> */ - int /* exported for zsysvm.c */ - zfile(i_ctx_t *i_ctx_p) -diff --git a/psi/zfile.h b/psi/zfile.h -index fdf1373..a9399c7 100644 ---- a/psi/zfile.h -+++ b/psi/zfile.h -@@ -22,4 +22,11 @@ - int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn, - const char *file_access, stream **ps, gs_memory_t *mem); - -+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission) -+ * to allow applying the above permissions checks when opening file(s) from -+ * the graphics library -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, -+ const int len, const char *permission); - #endif --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch b/gnu/packages/patches/ghostscript-CVE-2016-7978.patch deleted file mode 100644 index 81cb26e9ed..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Oct 2016 09:59:25 +0100 -Subject: [PATCH] Bug 697179: Reference count device icc profile - -when copying a device ---- - base/gsdevice.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/base/gsdevice.c b/base/gsdevice.c -index 778106f..aea986a 100644 ---- a/base/gsdevice.c -+++ b/base/gsdevice.c -@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem, - dev->memory = mem; - dev->retained = !internal; - rc_init(dev, mem, (internal ? 0 : 1)); -+ rc_increment(dev->icc_struct); - } - - void --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch b/gnu/packages/patches/ghostscript-CVE-2016-7979.patch deleted file mode 100644 index a557adfdea..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch +++ /dev/null @@ -1,48 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913 - -From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001 -From: Ken Sharp <ken.sharp@artifex.com> -Date: Wed, 5 Oct 2016 10:10:58 +0100 -Subject: [PATCH] DSC parser - validate parameters - -Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it." - -Regardless of any security implications, its simply wrong for a PostScript -operator not to validate its parameter(s). - -No differences expected. ---- - psi/zdscpars.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/psi/zdscpars.c b/psi/zdscpars.c -index c05e154..9b4b605 100644 ---- a/psi/zdscpars.c -+++ b/psi/zdscpars.c -@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p) - ref local_ref; - int code; - os_ptr const op = osp; -- dict * const pdict = op->value.pdict; -- gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict); -- dsc_data_t * const data = -- gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); -+ dict *pdict; -+ gs_memory_t *mem; -+ dsc_data_t *data; - -+ check_read_type(*op, t_dictionary); -+ -+ pdict = op->value.pdict; -+ mem = (gs_memory_t *)dict_memory(pdict); -+ -+ data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); - if (!data) - return_error(e_VMerror); - data->document_level = 0; --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch b/gnu/packages/patches/ghostscript-CVE-2016-8602.patch deleted file mode 100644 index aaf20b6c6c..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch +++ /dev/null @@ -1,47 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 - -From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 8 Oct 2016 16:10:27 +0100 -Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5 - -and param types ---- - psi/zht2.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/psi/zht2.c b/psi/zht2.c -index fb4a264..dfa27a4 100644 ---- a/psi/zht2.c -+++ b/psi/zht2.c -@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p) - gs_memory_t *mem; - uint edepth = ref_stack_count(&e_stack); - int npop = 2; -- int dict_enum = dict_first(op); -+ int dict_enum; - ref rvalue[2]; - int cname, colorant_number; - byte * pname; - uint name_size; - int halftonetype, type = 0; - gs_state *pgs = igs; -- int space_index = r_space_index(op - 1); -+ int space_index; -+ -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(e_stackunderflow); -+ check_type(*op, t_dictionary); -+ check_type(*(op - 1), t_dictionary); -+ -+ dict_enum = dict_first(op); -+ space_index = r_space_index(op - 1); - - mem = (gs_memory_t *) idmemory->spaces_indexed[space_index]; - --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch index db80b6ddec..d38bd593c0 100644 --- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch +++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch @@ -1,15 +1,60 @@ Fix CVE-2017-8291: -https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291 +https://bugs.ghostscript.com/show_bug.cgi?id=697799 +https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 -This patch is adapted from these two Artifex Ghostscript commits by Leo -Famulari <leo@famulari.name>: +Patches copied from upstream source repository: -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad + +From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 27 Apr 2017 13:03:33 +0100 +Subject: [PATCH] Bug 697799: have .eqproc check its parameters + +The Ghostscript custom operator .eqproc was not check the number or type of +the parameters it was given. +--- + psi/zmisc3.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 54b304246..37293ff4b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + ++ if (ref_stack_count(&o_stack) < 2) ++ return_error(gs_error_stackunderflow); ++ if (!r_is_array(op - 1) || !r_is_array(op)) { ++ return_error(gs_error_typecheck); ++ } ++ + make_array(&stack[0].proc1, 0, 1, op - 1); + make_array(&stack[0].proc2, 0, 1, op); + for (;;) { +-- +2.13.0 + +From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 27 Apr 2017 13:21:31 +0100 +Subject: [PATCH] Bug 697799: have .rsdparams check its parameters + +The Ghostscript internal operator .rsdparams wasn't checking the number or +type of the operands it was being passed. Do so. +--- + psi/zfrsd.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index fb4bce9..2629afa 100644 +index 191107d8a..950588d69 100644 --- a/psi/zfrsd.c +++ b/psi/zfrsd.c @@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) @@ -24,9 +69,9 @@ index fb4bce9..2629afa 100644 + int code = 0; + + if (ref_stack_count(&o_stack) < 1) -+ return_error(e_stackunderflow); ++ return_error(gs_error_stackunderflow); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { -+ return_error(e_typecheck); ++ return_error(gs_error_typecheck); + } make_empty_array(&empty_array, a_readonly); @@ -35,15 +80,15 @@ index fb4bce9..2629afa 100644 + && dict_find_string(op, "Filter", &pFilter) > 0) { if (!r_is_array(pFilter)) { if (!r_has_type(pFilter, t_name)) - return_error(e_typecheck); + return_error(gs_error_typecheck); @@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) - return_error(e_typecheck); + return_error(gs_error_typecheck); } } - code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); + if (r_has_type(op, t_dictionary)) + code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); - if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */ + if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */ return code; - if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 - ) @@ -54,20 +99,97 @@ index fb4bce9..2629afa 100644 push(1); op[-1] = *pFilter; if (pDecodeParms) +-- +2.13.0 + +From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 3 May 2017 12:05:45 +0100 +Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc) + +When using the "DELAYBIND" feature, it turns out that .eqproc can be called with +parameters that are not both procedures. In this case, it turns out, the +expectation is for the operator to return 'false', rather than throw an error. +--- + psi/zmisc3.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 54b3042..0d357f1 100644 +index 37293ff4b..3f01d39a3 100644 --- a/psi/zmisc3.c +++ b/psi/zmisc3.c -@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; +@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p) + return gs_cliprestore(igs); + } -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(e_stackunderflow); -+ if (!r_is_array(op - 1) || !r_is_array(op)) { -+ return_error(e_typecheck); -+ } ++static inline bool ++eqproc_check_type(ref *r) ++{ ++ return r_has_type(r, t_array) ++ || r_has_type(r, t_mixedarray) ++ || r_has_type(r, t_shortarray) ++ || r_has_type(r, t_oparray); ++} + + /* <proc1> <proc2> .eqproc <bool> */ + /* + * Test whether two procedures are equal to depth 10. +@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p) + + if (ref_stack_count(&o_stack) < 2) + return_error(gs_error_stackunderflow); +- if (!r_is_array(op - 1) || !r_is_array(op)) { +- return_error(gs_error_typecheck); ++ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { ++ make_false(op - 1); ++ pop(1); ++ return 0; + } + make_array(&stack[0].proc1, 0, 1, op - 1); - make_array(&stack[0].proc2, 0, 1, op); - for (;;) { +-- +2.13.0 + +From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 11 May 2017 14:07:48 +0100 +Subject: [PATCH] Bug 697892: fix check for op stack underflow. + +In the original fix, I used the wrong method to check for stack underflow, this +is using the correct method. +--- + psi/zfrsd.c | 3 +-- + psi/zmisc3.c | 3 +-- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/psi/zfrsd.c b/psi/zfrsd.c +index 950588d69..9c035b96d 100644 +--- a/psi/zfrsd.c ++++ b/psi/zfrsd.c +@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p) + uint i; + int code = 0; + +- if (ref_stack_count(&o_stack) < 1) +- return_error(gs_error_stackunderflow); ++ check_op(1); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { + return_error(gs_error_typecheck); + } +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 3f01d39a3..43803b55b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + +- if (ref_stack_count(&o_stack) < 2) +- return_error(gs_error_stackunderflow); ++ check_op(2); + if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { + make_false(op - 1); + pop(1); +-- +2.13.0 + diff --git a/gnu/packages/patches/ghostscript-no-header-creationdate.patch b/gnu/packages/patches/ghostscript-no-header-creationdate.patch new file mode 100644 index 0000000000..92ddbdade0 --- /dev/null +++ b/gnu/packages/patches/ghostscript-no-header-creationdate.patch @@ -0,0 +1,22 @@ +This patch makes emission of /CreationDate and /ModDate headers optional. + +If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will +not write out the "/ID" field (if that's permissible). + +Upstream does not want to do this. + +See: https://bugs.ghostscript.com/show_bug.cgi?id=698208 +diff --git a/orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c b/bb/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c +index 0fb067e..b342e2c 100644 +--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c ++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c +@@ -305,6 +305,9 @@ pdf_initialize_ids(gx_device_pdf * pdev) + * date and time, rather than (for example) %%CreationDate from the + * PostScript file. We think this is wrong, but we do the same. + */ ++ if (!getenv("GS_GENERATE_UUIDS") || ++ (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && ++ strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0)) + { + struct tm tms; + time_t t; diff --git a/gnu/packages/patches/ghostscript-no-header-id.patch b/gnu/packages/patches/ghostscript-no-header-id.patch new file mode 100644 index 0000000000..19b71aadb5 --- /dev/null +++ b/gnu/packages/patches/ghostscript-no-header-id.patch @@ -0,0 +1,57 @@ +This patch makes the "/ID" field optional. + +If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will +not write out the "/ID" field (if that's permissible). + +Upstream does not want to do this. + +See: https://bugs.ghostscript.com/show_bug.cgi?id=698208 +diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c +--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:30:28.960479189 +0200 ++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:34:34.306524488 +0200 +@@ -1580,8 +1580,11 @@ + * +1 for the linearisation dict and +1 for the primary hint stream. + */ + linear_params->FirsttrailerOffset = gp_ftell_64(linear_params->Lin_File.file); +- gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n \n", +- linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, 0); ++ gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R", ++ linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */ ++ gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID); ++ gs_sprintf(LDict, "/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n \n", 0); + fwrite(LDict, strlen(LDict), 1, linear_params->Lin_File.file); + + /* Write document catalog (Part 4) */ +@@ -2102,8 +2105,11 @@ + * in the missing values. + */ + code = gp_fseek_64(linear_params->sfile, linear_params->FirsttrailerOffset, SEEK_SET); +- gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", +- linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, mainxref); ++ gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R", ++ linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */ ++ gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID); ++ gs_sprintf(LDict, "/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", mainxref); + fwrite(LDict, strlen(LDict), 1, linear_params->sfile); + + code = gp_fseek_64(linear_params->sfile, pdev->ResourceUsage[HintStreamObj].LinearisedOffset, SEEK_SET); +@@ -2674,10 +2680,12 @@ + stream_puts(s, "trailer\n"); + pprintld3(s, "<< /Size %ld /Root %ld 0 R /Info %ld 0 R\n", + pdev->next_id, Catalog_id, Info_id); +- stream_puts(s, "/ID ["); +- psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); +- psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); +- stream_puts(s, "]\n"); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) { /* ID is mandatory when encrypting */ ++ stream_puts(s, "/ID ["); ++ psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); ++ psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); ++ stream_puts(s, "]\n"); ++ } + if (pdev->OwnerPassword.size > 0) { + pprintld1(s, "/Encrypt %ld 0 R ", Encrypt_id); + } +Nur in gnu-ghostscript-9.14.0/devices/vector: gdevpdf.c.orig. diff --git a/gnu/packages/patches/ghostscript-no-header-uuid.patch b/gnu/packages/patches/ghostscript-no-header-uuid.patch new file mode 100644 index 0000000000..473531220c --- /dev/null +++ b/gnu/packages/patches/ghostscript-no-header-uuid.patch @@ -0,0 +1,50 @@ +This patch makes the UUIDs in the XMP header optional, depending on the +setting of the environment variable GS_GENERATE_UUIDS. + +If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will +not write out the Document UUID field and also will write the Instance ID +field value as "". + +Upstream does not want to do this. + +See: https://bugs.ghostscript.com/show_bug.cgi?id=698208 +diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c aa/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c +--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c 2017-07-09 23:30:28.960479189 +0200 ++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c 2017-07-10 01:04:12.252478276 +0200 +@@ -617,7 +617,7 @@ + return code; + + /* PDF/A XMP reference recommends setting UUID to empty. If not empty must be a URI */ +- if (pdev->PDFA != 0) ++ if (pdev->PDFA != 0 || (getenv("GS_GENERATE_UUIDS") && (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") == 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") == 0))) + instance_uuid[0] = 0x00; + + cre_date_time_len = pdf_get_docinfo_item(pdev, "/CreationDate", cre_date_time, sizeof(cre_date_time)); +@@ -719,15 +719,18 @@ + pdf_xml_tag_close(s, "rdf:Description"); + pdf_xml_newline(s); + +- pdf_xml_tag_open_beg(s, "rdf:Description"); +- pdf_xml_attribute_name(s, "rdf:about"); +- pdf_xml_attribute_value(s, instance_uuid); +- pdf_xml_attribute_name(s, "xmlns:xapMM"); +- pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/"); +- pdf_xml_attribute_name(s, "xapMM:DocumentID"); +- pdf_xml_attribute_value(s, document_uuid); +- pdf_xml_tag_end_empty(s); +- pdf_xml_newline(s); ++ if (!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0)) ++ { ++ pdf_xml_tag_open_beg(s, "rdf:Description"); ++ pdf_xml_attribute_name(s, "rdf:about"); ++ pdf_xml_attribute_value(s, instance_uuid); ++ pdf_xml_attribute_name(s, "xmlns:xapMM"); ++ pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/"); ++ pdf_xml_attribute_name(s, "xapMM:DocumentID"); ++ pdf_xml_attribute_value(s, document_uuid); ++ pdf_xml_tag_end_empty(s); ++ pdf_xml_newline(s); ++ } + + pdf_xml_tag_open_beg(s, "rdf:Description"); + pdf_xml_attribute_name(s, "rdf:about"); diff --git a/gnu/packages/patches/ghostscript-runpath.patch b/gnu/packages/patches/ghostscript-runpath.patch index c7dcfd4529..9f161e45b3 100644 --- a/gnu/packages/patches/ghostscript-runpath.patch +++ b/gnu/packages/patches/ghostscript-runpath.patch @@ -1,17 +1,18 @@ -This patch adds $(libdir) to the RUNPATH of 'gsc' and 'gsx'. - ---- gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:45.386957927 +0200 -+++ gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:49.222982359 +0200 -@@ -91,11 +91,11 @@ $(GS_SO_MAJOR): $(GS_SO_MAJOR_MINOR) +diff --git a/base/unix-dll.mak b/base/unix-dll.mak +index 9d57a99..36ef1ff 100644 +--- a/base/unix-dll.mak ++++ b/base/unix-dll.mak +@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) $(MAKEDIRS) # Build the small Ghostscript loaders, with Gtk+ and without - $(GSSOC_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER) + $(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS) $(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \ - -L$(BINDIR) -l$(GS_SO_BASE) + -L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=$(libdir) - $(GSSOX_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER) + $(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS) $(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \ - -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) + -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=$(libdir) - # ------------------------- Recursive make targets ------------------------- # + $(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_DLL_MAK) $(MAKEDIRS) + $(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL_SO_BASE) diff --git a/gnu/packages/patches/glibc-CVE-2015-5180.patch b/gnu/packages/patches/glibc-CVE-2015-5180.patch new file mode 100644 index 0000000000..92e3740fc1 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2015-5180.patch @@ -0,0 +1,311 @@ +From b3b37f1a5559a7620e31c8053ed1b44f798f2b6d Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Sat, 31 Dec 2016 20:22:09 +0100 +Subject: [PATCH] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ + #18784] + +Also rename T_UNSPEC because an upcoming public header file +update will use that name. + +(cherry picked from commit fc82b0a2dfe7dbd35671c10510a8da1043d746a5) +--- + ChangeLog | 14 ++++ + NEWS | 6 ++ + include/arpa/nameser_compat.h | 6 +- + resolv/Makefile | 5 ++ + resolv/nss_dns/dns-host.c | 2 +- + resolv/res_mkquery.c | 4 + + resolv/res_query.c | 6 +- + resolv/tst-resolv-qtypes.c | 185 ++++++++++++++++++++++++++++++++++++++++++ + 8 files changed, 221 insertions(+), 7 deletions(-) + create mode 100644 resolv/tst-resolv-qtypes.c + +diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h +index 2e735ed..7c0deed 100644 +--- a/include/arpa/nameser_compat.h ++++ b/include/arpa/nameser_compat.h +@@ -1,8 +1,8 @@ + #ifndef _ARPA_NAMESER_COMPAT_ + #include <resolv/arpa/nameser_compat.h> + +-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e., +- T_A and T_AAAA). */ +-#define T_UNSPEC 62321 ++/* The number is outside the 16-bit RR type range and is used ++ internally by the implementation. */ ++#define T_QUERY_A_AND_AAAA 439963904 + + #endif +diff --git a/resolv/Makefile b/resolv/Makefile +index 8be41d3..a4c86b9 100644 +--- a/resolv/Makefile ++++ b/resolv/Makefile +@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes) + extra-libs += libanl + routines += gai_sigqueue + tests += tst-res_hconf_reorder ++ ++# This test sends millions of packets and is rather slow. ++xtests += tst-resolv-qtypes + endif + extra-libs-others = $(extra-libs) + libresolv-routines := gethnamaddr res_comp res_debug \ +@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace + $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out + $(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \ + $(evaluate-test) ++ ++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index 5f9e357..d16fa4b 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat, + + int olderr = errno; + enum nss_status status; +- int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC, ++ int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA, + host_buffer.buf->buf, 2048, &host_buffer.ptr, + &ans2p, &nans2p, &resplen2, &ans2p_malloced); + if (n >= 0) +diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c +index 12f9730..d80b531 100644 +--- a/resolv/res_mkquery.c ++++ b/resolv/res_mkquery.c +@@ -103,6 +103,10 @@ res_nmkquery(res_state statp, + int n; + u_char *dnptrs[20], **dpp, **lastdnptr; + ++ if (class < 0 || class > 65535 ++ || type < 0 || type > 65535) ++ return -1; ++ + #ifdef DEBUG + if (statp->options & RES_DEBUG) + printf(";; res_nmkquery(%s, %s, %s, %s)\n", +diff --git a/resolv/res_query.c b/resolv/res_query.c +index 944d1a9..07dc6f6 100644 +--- a/resolv/res_query.c ++++ b/resolv/res_query.c +@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp, + int n, use_malloc = 0; + u_int oflags = statp->_flags; + +- size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE; ++ size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE; + u_char *buf = alloca (bufsize); + u_char *query1 = buf; + int nquery1 = -1; +@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp, + printf(";; res_query(%s, %d, %d)\n", name, class, type); + #endif + +- if (type == T_UNSPEC) ++ if (type == T_QUERY_A_AND_AAAA) + { + n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL, + query1, bufsize); +@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp, + if (__builtin_expect (n <= 0, 0) && !use_malloc) { + /* Retry just in case res_nmkquery failed because of too + short buffer. Shouldn't happen. */ +- bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET; ++ bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET; + buf = malloc (bufsize); + if (buf != NULL) { + query1 = buf; +diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c +new file mode 100644 +index 0000000..b3e60c6 +--- /dev/null ++++ b/resolv/tst-resolv-qtypes.c +@@ -0,0 +1,185 @@ ++/* Exercise low-level query functions with different QTYPEs. ++ Copyright (C) 2016 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++#include <resolv.h> ++#include <string.h> ++#include <support/check.h> ++#include <support/check_nss.h> ++#include <support/resolv_test.h> ++#include <support/support.h> ++#include <support/test-driver.h> ++#include <support/xmemstream.h> ++ ++/* If ture, the response function will send the actual response packet ++ over TCP instead of UDP. */ ++static volatile bool force_tcp; ++ ++/* Send back a fake resource record matching the QTYPE. */ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ if (force_tcp && ctx->tcp) ++ { ++ resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 }); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ return; ++ } ++ ++ resolv_response_init (b, (struct resolv_response_flags) { }); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ resolv_response_section (b, ns_s_an); ++ resolv_response_open_record (b, qname, qclass, qtype, 0); ++ resolv_response_add_data (b, &qtype, sizeof (qtype)); ++ resolv_response_close_record (b); ++} ++ ++static const const char *domain = "www.example.com"; ++ ++static int ++wrap_res_query (int type, unsigned char *answer, int answer_length) ++{ ++ return res_query (domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_search (int type, unsigned char *answer, int answer_length) ++{ ++ return res_query (domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_querydomain (int type, unsigned char *answer, int answer_length) ++{ ++ return res_querydomain ("www", "example.com", C_IN, type, ++ answer, answer_length); ++} ++ ++static int ++wrap_res_send (int type, unsigned char *answer, int answer_length) ++{ ++ unsigned char buf[512]; ++ int ret = res_mkquery (QUERY, domain, C_IN, type, ++ (const unsigned char *) "", 0, NULL, ++ buf, sizeof (buf)); ++ if (type < 0 || type >= 65536) ++ { ++ /* res_mkquery fails for out-of-range record types. */ ++ TEST_VERIFY_EXIT (ret == -1); ++ return -1; ++ } ++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */ ++ return res_send (buf, ret, answer, answer_length); ++} ++ ++static int ++wrap_res_nquery (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_nsearch (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquerydomain (&_res, "www", "example.com", C_IN, type, ++ answer, answer_length); ++} ++ ++static int ++wrap_res_nsend (int type, unsigned char *answer, int answer_length) ++{ ++ unsigned char buf[512]; ++ int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type, ++ (const unsigned char *) "", 0, NULL, ++ buf, sizeof (buf)); ++ if (type < 0 || type >= 65536) ++ { ++ /* res_mkquery fails for out-of-range record types. */ ++ TEST_VERIFY_EXIT (ret == -1); ++ return -1; ++ } ++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */ ++ return res_nsend (&_res, buf, ret, answer, answer_length); ++} ++ ++static void ++test_function (const char *fname, ++ int (*func) (int type, ++ unsigned char *answer, int answer_length)) ++{ ++ unsigned char buf[512]; ++ for (int tcp = 0; tcp < 2; ++tcp) ++ { ++ force_tcp = tcp; ++ for (unsigned int type = 1; type <= 65535; ++type) ++ { ++ if (test_verbose) ++ printf ("info: sending QTYPE %d with %s (tcp=%d)\n", ++ type, fname, tcp); ++ int ret = func (type, buf, sizeof (buf)); ++ if (ret != 47) ++ FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d", ++ fname,tcp, type, ret); ++ /* One question, one answer record. */ ++ TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0); ++ /* Question section. */ ++ static const char qname[] = "\3www\7example\3com"; ++ size_t qname_length = sizeof (qname); ++ TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0); ++ /* RDATA part of answer. */ ++ uint16_t type16 = type; ++ TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0); ++ } ++ } ++ ++ TEST_VERIFY (func (-1, buf, sizeof (buf) == -1)); ++ TEST_VERIFY (func (65536, buf, sizeof (buf) == -1)); ++} ++ ++static int ++do_test (void) ++{ ++ struct resolv_redirect_config config = ++ { ++ .response_callback = response, ++ }; ++ struct resolv_test *obj = resolv_test_start (config); ++ ++ test_function ("res_query", &wrap_res_query); ++ test_function ("res_search", &wrap_res_search); ++ test_function ("res_querydomain", &wrap_res_querydomain); ++ test_function ("res_send", &wrap_res_send); ++ ++ test_function ("res_nquery", &wrap_res_nquery); ++ test_function ("res_nsearch", &wrap_res_nsearch); ++ test_function ("res_nquerydomain", &wrap_res_nquerydomain); ++ test_function ("res_nsend", &wrap_res_nsend); ++ ++ resolv_test_end (obj); ++ return 0; ++} ++ ++#define TIMEOUT 300 ++#include <support/test-driver.c> +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch new file mode 100644 index 0000000000..12abeb76d4 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2015-7547.patch @@ -0,0 +1,590 @@ +From b995d95a5943785be3ab862b2d3276f3b4a22481 Mon Sep 17 00:00:00 2001 +From: Carlos O'Donell <carlos@systemhalted.org> +Date: Tue, 16 Feb 2016 21:26:37 -0500 +Subject: [PATCH] CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug + 18665). + +* A stack-based buffer overflow was found in libresolv when invoked from + libnss_dns, allowing specially crafted DNS responses to seize control + of execution flow in the DNS client. The buffer overflow occurs in + the functions send_dg (send datagram) and send_vc (send TCP) for the + NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC + family. The use of AF_UNSPEC triggers the low-level resolver code to + send out two parallel queries for A and AAAA. A mismanagement of the + buffers used for those queries could result in the response of a query + writing beyond the alloca allocated buffer created by + _nss_dns_gethostbyname4_r. Buffer management is simplified to remove + the overflow. Thanks to the Google Security Team and Red Hat for + reporting the security impact of this issue, and Robert Holiday of + Ciena for reporting the related bug 18665. (CVE-2015-7547) + +See also: +https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html +https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html + +(cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca) +--- + ChangeLog | 15 +++ + NEWS | 14 +++ + resolv/nss_dns/dns-host.c | 111 ++++++++++++++++++- + resolv/res_query.c | 3 + + resolv/res_send.c | 264 ++++++++++++++++++++++++++++++++++------------ + 5 files changed, 338 insertions(+), 69 deletions(-) + +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index 357ac04..a0fe9a8 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, + int h_namelen = 0; + + if (ancount == 0) +- return NSS_STATUS_NOTFOUND; ++ { ++ *h_errnop = HOST_NOT_FOUND; ++ return NSS_STATUS_NOTFOUND; ++ } + + while (ancount-- > 0 && cp < end_of_message && had_error == 0) + { +@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, + /* Special case here: if the resolver sent a result but it only + contains a CNAME while we are looking for a T_A or T_AAAA record, + we fail with NOTFOUND instead of TRYAGAIN. */ +- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; ++ if (canon != NULL) ++ { ++ *h_errnop = HOST_NOT_FOUND; ++ return NSS_STATUS_NOTFOUND; ++ } ++ ++ *h_errnop = NETDB_INTERNAL; ++ return NSS_STATUS_TRYAGAIN; + } + + +@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, + + enum nss_status status = NSS_STATUS_NOTFOUND; + ++ /* Combining the NSS status of two distinct queries requires some ++ compromise and attention to symmetry (A or AAAA queries can be ++ returned in any order). What follows is a breakdown of how this ++ code is expected to work and why. We discuss only SUCCESS, ++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns ++ that apply (though RETURN and MERGE exist). We make a distinction ++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). ++ A recoverable TRYAGAIN is almost always due to buffer size issues ++ and returns ERANGE in errno and the caller is expected to retry ++ with a larger buffer. ++ ++ Lastly, you may be tempted to make significant changes to the ++ conditions in this code to bring about symmetry between responses. ++ Please don't change anything without due consideration for ++ expected application behaviour. Some of the synthesized responses ++ aren't very well thought out and sometimes appear to imply that ++ IPv4 responses are always answer 1, and IPv6 responses are always ++ answer 2, but that's not true (see the implementation of send_dg ++ and send_vc to see response can arrive in any order, particularly ++ for UDP). However, we expect it holds roughly enough of the time ++ that this code works, but certainly needs to be fixed to make this ++ a more robust implementation. ++ ++ ---------------------------------------------- ++ | Answer 1 Status / | Synthesized | Reason | ++ | Answer 2 Status | Status | | ++ |--------------------------------------------| ++ | SUCCESS/SUCCESS | SUCCESS | [1] | ++ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | ++ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | ++ | SUCCESS/NOTFOUND | SUCCESS | [1] | ++ | SUCCESS/UNAVAIL | SUCCESS | [1] | ++ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | ++ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | ++ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | ++ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | ++ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | ++ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | ++ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | ++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | ++ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | ++ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | ++ | NOTFOUND/SUCCESS | SUCCESS | [3] | ++ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | ++ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | ++ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | ++ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | ++ | UNAVAIL/SUCCESS | UNAVAIL | [4] | ++ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | ++ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | ++ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | ++ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | ++ ---------------------------------------------- ++ ++ [1] If the first response is a success we return success. ++ This ignores the state of the second answer and in fact ++ incorrectly sets errno and h_errno to that of the second ++ answer. However because the response is a success we ignore ++ *errnop and *h_errnop (though that means you touched errno on ++ success). We are being conservative here and returning the ++ likely IPv4 response in the first answer as a success. ++ ++ [2] If the first response is a recoverable TRYAGAIN we return ++ that instead of looking at the second response. The ++ expectation here is that we have failed to get an IPv4 response ++ and should retry both queries. ++ ++ [3] If the first response was not a SUCCESS and the second ++ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, ++ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the ++ result from the second response, otherwise the first responses ++ status is used. Again we have some odd side-effects when the ++ second response is NOTFOUND because we overwrite *errnop and ++ *h_errnop that means that a first answer of NOTFOUND might see ++ its *errnop and *h_errnop values altered. Whether it matters ++ in practice that a first response NOTFOUND has the wrong ++ *errnop and *h_errnop is undecided. ++ ++ [4] If the first response is UNAVAIL we return that instead of ++ looking at the second response. The expectation here is that ++ it will have failed similarly e.g. configuration failure. ++ ++ [5] Testing this code is complicated by the fact that truncated ++ second response buffers might be returned as SUCCESS if the ++ first answer is a SUCCESS. To fix this we add symmetry to ++ TRYAGAIN with the second response. If the second response ++ is a recoverable error we now return TRYAGIN even if the first ++ response was SUCCESS. */ ++ + if (anslen1 > 0) + status = gaih_getanswer_slice(answer1, anslen1, qname, + &pat, &buffer, &buflen, + errnop, h_errnop, ttlp, + &first); ++ + if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND + || (status == NSS_STATUS_TRYAGAIN + /* We want to look at the second answer in case of an +@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, + &pat, &buffer, &buflen, + errnop, h_errnop, ttlp, + &first); ++ /* Use the second response status in some cases. */ + if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) + status = status2; ++ /* Do not return a truncated second response (unless it was ++ unavoidable e.g. unrecoverable TRYAGAIN). */ ++ if (status == NSS_STATUS_SUCCESS ++ && (status2 == NSS_STATUS_TRYAGAIN ++ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) ++ status = NSS_STATUS_TRYAGAIN; + } + + return status; +diff --git a/resolv/res_query.c b/resolv/res_query.c +index 4a9b3b3..95470a9 100644 +--- a/resolv/res_query.c ++++ b/resolv/res_query.c +@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + } +@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + +@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + if (saved_herrno != -1) +diff --git a/resolv/res_send.c b/resolv/res_send.c +index 5e53cc2..6511bb1 100644 +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -1,3 +1,20 @@ ++/* Copyright (C) 2016 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ + /* + * Copyright (c) 1985, 1989, 1993 + * The Regents of the University of California. All rights reserved. +@@ -363,6 +380,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen, + #ifdef USE_HOOKS + if (__glibc_unlikely (statp->qhook || statp->rhook)) { + if (anssiz < MAXPACKET && ansp) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *buf = malloc (MAXPACKET); + if (buf == NULL) + return (-1); +@@ -638,6 +657,77 @@ get_nsaddr (res_state statp, int n) + return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; + } + ++/* The send_vc function is responsible for sending a DNS query over TCP ++ to the nameserver numbered NS from the res_state STATP i.e. ++ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and ++ IPv6 queries at the same serially on the same socket. ++ ++ Please note that for TCP there is no way to disable sending both ++ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP ++ and sends the queries serially and waits for the result after each ++ sent query. This implemetnation should be corrected to honour these ++ options. ++ ++ Please also note that for TCP we send both queries over the same ++ socket one after another. This technically violates best practice ++ since the server is allowed to read the first query, respond, and ++ then close the socket (to service another client). If the server ++ does this, then the remaining second query in the socket data buffer ++ will cause the server to send the client an RST which will arrive ++ asynchronously and the client's OS will likely tear down the socket ++ receive buffer resulting in a potentially short read and lost ++ response data. This will force the client to retry the query again, ++ and this process may repeat until all servers and connection resets ++ are exhausted and then the query will fail. It's not known if this ++ happens with any frequency in real DNS server implementations. This ++ implementation should be corrected to use two sockets by default for ++ parallel queries. ++ ++ The query stored in BUF of BUFLEN length is sent first followed by ++ the query stored in BUF2 of BUFLEN2 length. Queries are sent ++ serially on the same socket. ++ ++ Answers to the query are stored firstly in *ANSP up to a max of ++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP ++ is non-NULL (to indicate that modifying the answer buffer is allowed) ++ then malloc is used to allocate a new response buffer and ANSCP and ++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes ++ are needed but ANSCP is NULL, then as much of the response as ++ possible is read into the buffer, but the results will be truncated. ++ When truncation happens because of a small answer buffer the DNS ++ packets header field TC will bet set to 1, indicating a truncated ++ message and the rest of the socket data will be read and discarded. ++ ++ Answers to the query are stored secondly in *ANSP2 up to a max of ++ *ANSSIZP2 bytes, with the actual response length stored in ++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 ++ is non-NULL (required for a second query) then malloc is used to ++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer ++ size and *ANSP2_MALLOCED is set to 1. ++ ++ The ANSP2_MALLOCED argument will eventually be removed as the ++ change in buffer pointer can be used to detect the buffer has ++ changed and that the caller should use free on the new buffer. ++ ++ Note that the answers may arrive in any order from the server and ++ therefore the first and second answer buffers may not correspond to ++ the first and second queries. ++ ++ It is not supported to call this function with a non-NULL ANSP2 ++ but a NULL ANSCP. Put another way, you can call send_vc with a ++ single unmodifiable buffer or two modifiable buffers, but no other ++ combination is supported. ++ ++ It is the caller's responsibility to free the malloc allocated ++ buffers by detecting that the pointers have changed from their ++ original values i.e. *ANSCP or *ANSP2 has changed. ++ ++ If errors are encountered then *TERRNO is set to an appropriate ++ errno value and a zero result is returned for a recoverable error, ++ and a less-than zero result is returned for a non-recoverable error. ++ ++ If no errors are encountered then *TERRNO is left unmodified and ++ a the length of the first response in bytes is returned. */ + static int + send_vc(res_state statp, + const u_char *buf, int buflen, const u_char *buf2, int buflen2, +@@ -647,11 +737,7 @@ send_vc(res_state statp, + { + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; +- u_char *ans = *ansp; +- int orig_anssizp = *anssizp; +- // XXX REMOVE +- // int anssiz = *anssizp; +- HEADER *anhp = (HEADER *) ans; ++ HEADER *anhp = (HEADER *) *ansp; + struct sockaddr *nsap = get_nsaddr (statp, ns); + int truncating, connreset, n; + /* On some architectures compiler might emit a warning indicating +@@ -743,6 +829,8 @@ send_vc(res_state statp, + * Receive length & response + */ + int recvresp1 = 0; ++ /* Skip the second response if there is no second query. ++ To do that we mark the second response as received. */ + int recvresp2 = buf2 == NULL; + uint16_t rlen16; + read_len: +@@ -779,40 +867,14 @@ send_vc(res_state statp, + u_char **thisansp; + int *thisresplenp; + if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { ++ /* We have not received any responses ++ yet or we only have one response to ++ receive. */ + thisanssizp = anssizp; + thisansp = anscp ?: ansp; + assert (anscp != NULL || ansp2 == NULL); + thisresplenp = &resplen; + } else { +- if (*anssizp != MAXPACKET) { +- /* No buffer allocated for the first +- reply. We can try to use the rest +- of the user-provided buffer. */ +-#if __GNUC_PREREQ (4, 7) +- DIAG_PUSH_NEEDS_COMMENT; +- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); +-#endif +-#if _STRING_ARCH_unaligned +- *anssizp2 = orig_anssizp - resplen; +- *ansp2 = *ansp + resplen; +-#else +- int aligned_resplen +- = ((resplen + __alignof__ (HEADER) - 1) +- & ~(__alignof__ (HEADER) - 1)); +- *anssizp2 = orig_anssizp - aligned_resplen; +- *ansp2 = *ansp + aligned_resplen; +-#endif +-#if __GNUC_PREREQ (4, 7) +- DIAG_POP_NEEDS_COMMENT; +-#endif +- } else { +- /* The first reply did not fit into the +- user-provided buffer. Maybe the second +- answer will. */ +- *anssizp2 = orig_anssizp; +- *ansp2 = *ansp; +- } +- + thisanssizp = anssizp2; + thisansp = ansp2; + thisresplenp = resplen2; +@@ -820,10 +882,14 @@ send_vc(res_state statp, + anhp = (HEADER *) *thisansp; + + *thisresplenp = rlen; +- if (rlen > *thisanssizp) { +- /* Yes, we test ANSCP here. If we have two buffers +- both will be allocatable. */ +- if (__glibc_likely (anscp != NULL)) { ++ /* Is the answer buffer too small? */ ++ if (*thisanssizp < rlen) { ++ /* If the current buffer is not the the static ++ user-supplied buffer then we can reallocate ++ it. */ ++ if (thisansp != NULL && thisansp != ansp) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *newp = malloc (MAXPACKET); + if (newp == NULL) { + *terrno = ENOMEM; +@@ -835,6 +901,9 @@ send_vc(res_state statp, + if (thisansp == ansp2) + *ansp2_malloced = 1; + anhp = (HEADER *) newp; ++ /* A uint16_t can't be larger than MAXPACKET ++ thus it's safe to allocate MAXPACKET but ++ read RLEN bytes instead. */ + len = rlen; + } else { + Dprint(statp->options & RES_DEBUG, +@@ -997,6 +1066,66 @@ reopen (res_state statp, int *terrno, int ns) + return 1; + } + ++/* The send_dg function is responsible for sending a DNS query over UDP ++ to the nameserver numbered NS from the res_state STATP i.e. ++ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries ++ along with the ability to send the query in parallel for both stacks ++ (default) or serially (RES_SINGLKUP). It also supports serial lookup ++ with a close and reopen of the socket used to talk to the server ++ (RES_SNGLKUPREOP) to work around broken name servers. ++ ++ The query stored in BUF of BUFLEN length is sent first followed by ++ the query stored in BUF2 of BUFLEN2 length. Queries are sent ++ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). ++ ++ Answers to the query are stored firstly in *ANSP up to a max of ++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP ++ is non-NULL (to indicate that modifying the answer buffer is allowed) ++ then malloc is used to allocate a new response buffer and ANSCP and ++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes ++ are needed but ANSCP is NULL, then as much of the response as ++ possible is read into the buffer, but the results will be truncated. ++ When truncation happens because of a small answer buffer the DNS ++ packets header field TC will bet set to 1, indicating a truncated ++ message, while the rest of the UDP packet is discarded. ++ ++ Answers to the query are stored secondly in *ANSP2 up to a max of ++ *ANSSIZP2 bytes, with the actual response length stored in ++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 ++ is non-NULL (required for a second query) then malloc is used to ++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer ++ size and *ANSP2_MALLOCED is set to 1. ++ ++ The ANSP2_MALLOCED argument will eventually be removed as the ++ change in buffer pointer can be used to detect the buffer has ++ changed and that the caller should use free on the new buffer. ++ ++ Note that the answers may arrive in any order from the server and ++ therefore the first and second answer buffers may not correspond to ++ the first and second queries. ++ ++ It is not supported to call this function with a non-NULL ANSP2 ++ but a NULL ANSCP. Put another way, you can call send_vc with a ++ single unmodifiable buffer or two modifiable buffers, but no other ++ combination is supported. ++ ++ It is the caller's responsibility to free the malloc allocated ++ buffers by detecting that the pointers have changed from their ++ original values i.e. *ANSCP or *ANSP2 has changed. ++ ++ If an answer is truncated because of UDP datagram DNS limits then ++ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to ++ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 ++ if any progress was made reading a response from the nameserver and ++ is used by the caller to distinguish between ECONNREFUSED and ++ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). ++ ++ If errors are encountered then *TERRNO is set to an appropriate ++ errno value and a zero result is returned for a recoverable error, ++ and a less-than zero result is returned for a non-recoverable error. ++ ++ If no errors are encountered then *TERRNO is left unmodified and ++ a the length of the first response in bytes is returned. */ + static int + send_dg(res_state statp, + const u_char *buf, int buflen, const u_char *buf2, int buflen2, +@@ -1006,8 +1135,6 @@ send_dg(res_state statp, + { + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; +- u_char *ans = *ansp; +- int orig_anssizp = *anssizp; + struct timespec now, timeout, finish; + struct pollfd pfd[1]; + int ptimeout; +@@ -1040,6 +1167,8 @@ send_dg(res_state statp, + int need_recompute = 0; + int nwritten = 0; + int recvresp1 = 0; ++ /* Skip the second response if there is no second query. ++ To do that we mark the second response as received. */ + int recvresp2 = buf2 == NULL; + pfd[0].fd = EXT(statp).nssocks[ns]; + pfd[0].events = POLLOUT; +@@ -1203,55 +1332,56 @@ send_dg(res_state statp, + int *thisresplenp; + + if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { ++ /* We have not received any responses ++ yet or we only have one response to ++ receive. */ + thisanssizp = anssizp; + thisansp = anscp ?: ansp; + assert (anscp != NULL || ansp2 == NULL); + thisresplenp = &resplen; + } else { +- if (*anssizp != MAXPACKET) { +- /* No buffer allocated for the first +- reply. We can try to use the rest +- of the user-provided buffer. */ +-#if _STRING_ARCH_unaligned +- *anssizp2 = orig_anssizp - resplen; +- *ansp2 = *ansp + resplen; +-#else +- int aligned_resplen +- = ((resplen + __alignof__ (HEADER) - 1) +- & ~(__alignof__ (HEADER) - 1)); +- *anssizp2 = orig_anssizp - aligned_resplen; +- *ansp2 = *ansp + aligned_resplen; +-#endif +- } else { +- /* The first reply did not fit into the +- user-provided buffer. Maybe the second +- answer will. */ +- *anssizp2 = orig_anssizp; +- *ansp2 = *ansp; +- } +- + thisanssizp = anssizp2; + thisansp = ansp2; + thisresplenp = resplen2; + } + + if (*thisanssizp < MAXPACKET +- /* Yes, we test ANSCP here. If we have two buffers +- both will be allocatable. */ +- && anscp ++ /* If the current buffer is not the the static ++ user-supplied buffer then we can reallocate ++ it. */ ++ && (thisansp != NULL && thisansp != ansp) + #ifdef FIONREAD ++ /* Is the size too small? */ + && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 + || *thisanssizp < *thisresplenp) + #endif + ) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *newp = malloc (MAXPACKET); + if (newp != NULL) { +- *anssizp = MAXPACKET; +- *thisansp = ans = newp; ++ *thisanssizp = MAXPACKET; ++ *thisansp = newp; + if (thisansp == ansp2) + *ansp2_malloced = 1; + } + } ++ /* We could end up with truncation if anscp was NULL ++ (not allowed to change caller's buffer) and the ++ response buffer size is too small. This isn't a ++ reliable way to detect truncation because the ioctl ++ may be an inaccurate report of the UDP message size. ++ Therefore we use this only to issue debug output. ++ To do truncation accurately with UDP we need ++ MSG_TRUNC which is only available on Linux. We ++ can abstract out the Linux-specific feature in the ++ future to detect truncation. */ ++ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { ++ Dprint(statp->options & RES_DEBUG, ++ (stdout, ";; response may be truncated (UDP)\n") ++ ); ++ } ++ + HEADER *anhp = (HEADER *) *thisansp; + socklen_t fromlen = sizeof(struct sockaddr_in6); + assert (sizeof(from) <= fromlen); +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2016-3075.patch b/gnu/packages/patches/glibc-CVE-2016-3075.patch new file mode 100644 index 0000000000..d16722806e --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-3075.patch @@ -0,0 +1,43 @@ +From 146b58d11fddbef15b888906e3be4f33900c416f Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Tue, 29 Mar 2016 12:57:56 +0200 +Subject: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ + #19879] + +The defensive copy is not needed because the name may not alias the +output buffer. + +(cherry picked from commit 317b199b4aff8cfa27f2302ab404d2bb5032b9a4) +(cherry picked from commit 883dceebc8f11921a9890211a4e202e5be17562f) +--- + ChangeLog | 7 +++++++ + NEWS | 10 ++++++++-- + resolv/nss_dns/dns-network.c | 5 +---- + 3 files changed, 16 insertions(+), 6 deletions(-) + +diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c +index 2eb2f67..8f301a7 100644 +--- a/resolv/nss_dns/dns-network.c ++++ b/resolv/nss_dns/dns-network.c +@@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result, + } net_buffer; + querybuf *orig_net_buffer; + int anslen; +- char *qbuf; + enum nss_status status; + + if (__res_maybe_init (&_res, 0) == -1) + return NSS_STATUS_UNAVAIL; + +- qbuf = strdupa (name); +- + net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024); + +- anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf, ++ anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf, + 1024, &net_buffer.ptr, NULL, NULL, NULL, NULL); + if (anslen < 0) + { +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2016-3706.patch b/gnu/packages/patches/glibc-CVE-2016-3706.patch new file mode 100644 index 0000000000..617242df24 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-3706.patch @@ -0,0 +1,188 @@ +From 1a8a7c12950a0026a3c406a7cb1608f96aa1460e Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Fri, 29 Apr 2016 10:35:34 +0200 +Subject: [PATCH] CVE-2016-3706: getaddrinfo: stack overflow in hostent + conversion [BZ #20010] + +When converting a struct hostent response to struct gaih_addrtuple, the +gethosts macro (which is called from gaih_inet) used alloca, without +malloc fallback for large responses. This commit changes this code to +use calloc unconditionally. + +This commit also consolidated a second hostent-to-gaih_addrtuple +conversion loop (in gaih_inet) to use the new conversion function. + +(cherry picked from commit 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9) +--- + ChangeLog | 10 ++++ + sysdeps/posix/getaddrinfo.c | 130 +++++++++++++++++++++++--------------------- + 2 files changed, 79 insertions(+), 61 deletions(-) + +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 1ef3f20..fed2d3b 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -168,9 +168,58 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + return 0; + } + ++/* Convert struct hostent to a list of struct gaih_addrtuple objects. ++ h_name is not copied, and the struct hostent object must not be ++ deallocated prematurely. *RESULT must be NULL or a pointer to an ++ object allocated using malloc, which is freed. */ ++static bool ++convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, ++ int family, ++ struct hostent *h, ++ struct gaih_addrtuple **result) ++{ ++ free (*result); ++ *result = NULL; ++ ++ /* Count the number of addresses in h->h_addr_list. */ ++ size_t count = 0; ++ for (char **p = h->h_addr_list; *p != NULL; ++p) ++ ++count; ++ ++ /* Report no data if no addresses are available, or if the incoming ++ address size is larger than what we can store. */ ++ if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr)) ++ return true; ++ ++ struct gaih_addrtuple *array = calloc (count, sizeof (*array)); ++ if (array == NULL) ++ return false; ++ ++ for (size_t i = 0; i < count; ++i) ++ { ++ if (family == AF_INET && req->ai_family == AF_INET6) ++ { ++ /* Perform address mapping. */ ++ array[i].family = AF_INET6; ++ memcpy(array[i].addr + 3, h->h_addr_list[i], sizeof (uint32_t)); ++ array[i].addr[2] = htonl (0xffff); ++ } ++ else ++ { ++ array[i].family = family; ++ memcpy (array[i].addr, h->h_addr_list[i], h->h_length); ++ } ++ array[i].next = array + i + 1; ++ } ++ array[0].name = h->h_name; ++ array[count - 1].next = NULL; ++ ++ *result = array; ++ return true; ++} ++ + #define gethosts(_family, _type) \ + { \ +- int i; \ + int herrno; \ + struct hostent th; \ + struct hostent *h; \ +@@ -219,36 +268,23 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + } \ + else if (h != NULL) \ + { \ +- for (i = 0; h->h_addr_list[i]; i++) \ ++ /* Make sure that addrmem can be freed. */ \ ++ if (!malloc_addrmem) \ ++ addrmem = NULL; \ ++ if (!convert_hostent_to_gaih_addrtuple (req, _family,h, &addrmem)) \ + { \ +- if (*pat == NULL) \ +- { \ +- *pat = __alloca (sizeof (struct gaih_addrtuple)); \ +- (*pat)->scopeid = 0; \ +- } \ +- uint32_t *addr = (*pat)->addr; \ +- (*pat)->next = NULL; \ +- (*pat)->name = i == 0 ? strdupa (h->h_name) : NULL; \ +- if (_family == AF_INET && req->ai_family == AF_INET6) \ +- { \ +- (*pat)->family = AF_INET6; \ +- addr[3] = *(uint32_t *) h->h_addr_list[i]; \ +- addr[2] = htonl (0xffff); \ +- addr[1] = 0; \ +- addr[0] = 0; \ +- } \ +- else \ +- { \ +- (*pat)->family = _family; \ +- memcpy (addr, h->h_addr_list[i], sizeof(_type)); \ +- } \ +- pat = &((*pat)->next); \ ++ _res.options |= old_res_options & RES_USE_INET6; \ ++ result = -EAI_SYSTEM; \ ++ goto free_and_return; \ + } \ ++ *pat = addrmem; \ ++ /* The conversion uses malloc unconditionally. */ \ ++ malloc_addrmem = true; \ + \ + if (localcanon != NULL && canon == NULL) \ + canon = strdupa (localcanon); \ + \ +- if (_family == AF_INET6 && i > 0) \ ++ if (_family == AF_INET6 && *pat != NULL) \ + got_ipv6 = true; \ + } \ + } +@@ -612,44 +648,16 @@ gaih_inet (const char *name, const struct gaih_service *service, + { + if (h != NULL) + { +- int i; +- /* We found data, count the number of addresses. */ +- for (i = 0; h->h_addr_list[i]; ++i) +- ; +- if (i > 0 && *pat != NULL) +- --i; +- +- if (__libc_use_alloca (alloca_used +- + i * sizeof (struct gaih_addrtuple))) +- addrmem = alloca_account (i * sizeof (struct gaih_addrtuple), +- alloca_used); +- else +- { +- addrmem = malloc (i +- * sizeof (struct gaih_addrtuple)); +- if (addrmem == NULL) +- { +- result = -EAI_MEMORY; +- goto free_and_return; +- } +- malloc_addrmem = true; +- } +- +- /* Now convert it into the list. */ +- struct gaih_addrtuple *addrfree = addrmem; +- for (i = 0; h->h_addr_list[i]; ++i) ++ /* We found data, convert it. */ ++ if (!convert_hostent_to_gaih_addrtuple ++ (req, AF_INET, h, &addrmem)) + { +- if (*pat == NULL) +- { +- *pat = addrfree++; +- (*pat)->scopeid = 0; +- } +- (*pat)->next = NULL; +- (*pat)->family = AF_INET; +- memcpy ((*pat)->addr, h->h_addr_list[i], +- h->h_length); +- pat = &((*pat)->next); ++ result = -EAI_MEMORY; ++ goto free_and_return; + } ++ *pat = addrmem; ++ /* The conversion uses malloc unconditionally. */ ++ malloc_addrmem = true; + } + } + else +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2016-4429.patch b/gnu/packages/patches/glibc-CVE-2016-4429.patch new file mode 100644 index 0000000000..5eebd10543 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-4429.patch @@ -0,0 +1,58 @@ +From bdce95930e1d9a7d013d1ba78740243491262879 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Mon, 23 May 2016 20:18:34 +0200 +Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ + #20112] + +The call is technically in a loop, and under certain circumstances +(which are quite difficult to reproduce in a test case), alloca +can be invoked repeatedly during a single call to clntudp_call. +As a result, the available stack space can be exhausted (even +though individual alloca sizes are bounded implicitly by what +can fit into a UDP packet, as a side effect of the earlier +successful send operation). + +(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c) +--- + ChangeLog | 7 +++++++ + NEWS | 4 ++++ + sunrpc/clnt_udp.c | 10 +++++++++- + 3 files changed, 20 insertions(+), 1 deletion(-) + +diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c +index a6cf5f1..4d9acb1 100644 +--- a/sunrpc/clnt_udp.c ++++ b/sunrpc/clnt_udp.c +@@ -388,9 +388,15 @@ send_again: + struct sock_extended_err *e; + struct sockaddr_in err_addr; + struct iovec iov; +- char *cbuf = (char *) alloca (outlen + 256); ++ char *cbuf = malloc (outlen + 256); + int ret; + ++ if (cbuf == NULL) ++ { ++ cu->cu_error.re_errno = errno; ++ return (cu->cu_error.re_status = RPC_CANTRECV); ++ } ++ + iov.iov_base = cbuf + 256; + iov.iov_len = outlen; + msg.msg_name = (void *) &err_addr; +@@ -415,10 +421,12 @@ send_again: + cmsg = CMSG_NXTHDR (&msg, cmsg)) + if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) + { ++ free (cbuf); + e = (struct sock_extended_err *) CMSG_DATA(cmsg); + cu->cu_error.re_errno = e->ee_errno; + return (cu->cu_error.re_status = RPC_CANTRECV); + } ++ free (cbuf); + } + #endif + do +-- +2.9.3 + diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch new file mode 100644 index 0000000000..2cb3d46f62 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch @@ -0,0 +1,28 @@ +This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188. + +diff -ur a/coders/png.c b/coders/png.c +--- a/coders/png.c 2017-07-04 17:32:08.000000000 -0400 ++++ b/coders/png.c 2017-08-19 11:16:20.933969362 -0400 +@@ -4101,11 +4101,17 @@ + mng_info->image=image; + } + +- if ((mng_info->mng_width > 65535L) || (mng_info->mng_height +- > 65535L)) +- (void) ThrowException(&image->exception,ImageError, +- WidthOrHeightExceedsLimit, +- image->filename); ++ if ((mng_info->mng_width > 65535L) || ++ (mng_info->mng_height > 65535L)) ++ { ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " MNG width or height is too large: %lu, %lu", ++ mng_info->mng_width,mng_info->mng_height); ++ MagickFreeMemory(chunk); ++ ThrowReaderException(CorruptImageError, ++ ImproperImageHeader,image); ++ } ++ + FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width, + mng_info->mng_height); + mng_info->frame.left=0; diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch new file mode 100644 index 0000000000..7036f37438 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch @@ -0,0 +1,16 @@ +This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd. + +diff -ur a/coders/wmf.c b/coders/wmf.c +--- a/coders/wmf.c 2016-09-05 15:20:23.000000000 -0400 ++++ b/coders/wmf.c 2017-08-19 10:38:08.984187264 -0400 +@@ -2719,8 +2719,8 @@ + if(image->exception.severity != UndefinedException) + ThrowException2(exception, + CoderWarning, +- ddata->image->exception.reason, +- ddata->image->exception.description); ++ image->exception.reason, ++ image->exception.description); + + if(logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(),"leave ReadWMFImage()"); diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch new file mode 100644 index 0000000000..71af9ffe59 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch @@ -0,0 +1,28 @@ +This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978. + +diff -ur a/coders/sun.c b/coders/sun.c +--- a/coders/sun.c 2016-05-30 13:19:54.000000000 -0400 ++++ b/coders/sun.c 2017-08-18 18:00:00.191023610 -0400 +@@ -1,5 +1,5 @@ + /* +-% Copyright (C) 2003-2015 GraphicsMagick Group ++% Copyright (C) 2003-2017 GraphicsMagick Group + % Copyright (C) 2002 ImageMagick Studio + % Copyright 1991-1999 E. I. du Pont de Nemours and Company + % +@@ -577,6 +577,7 @@ + for (bit=7; bit >= 0; bit--) + { + index=((*p) & (0x01 << bit) ? 0x01 : 0x00); ++ VerifyColormapIndex(image,index); + indexes[x+7-bit]=index; + q[x+7-bit]=image->colormap[index]; + } +@@ -587,6 +588,7 @@ + for (bit=7; bit >= (long) (8-(image->columns % 8)); bit--) + { + index=((*p) & (0x01 << bit) ? 0x01 : 0x00); ++ VerifyColormapIndex(image,index); + indexes[x+7-bit]=index; + q[x+7-bit]=image->colormap[index]; + } diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch new file mode 100644 index 0000000000..68c33f1031 --- /dev/null +++ b/gnu/packages/patches/grep-gnulib-lock.patch @@ -0,0 +1,32 @@ +This patch fix error on 'gnulib' library required to build +'grep' package on GNU/Hurd. +The patch was adapted from upstream source repository: +'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>' + +Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd + +diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c +index 061562b..afc86f4 100644 +--- a/lib/glthread/lock.c ++++ b/lib/glthread/lock.c +@@ -30,7 +30,7 @@ + + /* ------------------------- gl_rwlock_t datatype ------------------------- */ + +-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) ++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) + + # ifdef PTHREAD_RWLOCK_INITIALIZER + +diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h +index ec16d39..67932aa 100644 +--- a/lib/glthread/lock.h ++++ b/lib/glthread/lock.h +@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t; + + /* ------------------------- gl_rwlock_t datatype ------------------------- */ + +-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) ++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) + + # ifdef PTHREAD_RWLOCK_INITIALIZER diff --git a/gnu/packages/patches/groff-source-date-epoch.patch b/gnu/packages/patches/groff-source-date-epoch.patch new file mode 100644 index 0000000000..53c590b049 --- /dev/null +++ b/gnu/packages/patches/groff-source-date-epoch.patch @@ -0,0 +1,299 @@ +Adds support for the environment variable SOURCE_DATE_EPOCH. + +See: https://sources.debian.net/patches/groff/1.22.3-9/source-date-epoch.patch/ + +From abc23bc9245e18468817f2838361c3a08f7521e2 Mon Sep 17 00:00:00 2001 +From: Colin Watson <cjwatson@debian.org> +Date: Thu, 5 Nov 2015 11:47:34 +0000 +Subject: Implement `SOURCE_DATE_EPOCH' for reproducible builds. + +Author: Colin Watson <cjwatson@debian.org> +Forwarded: yes +Last-Update: 2015-11-05 + +Patch-Name: source-date-epoch.patch +--- + doc/groff.texinfo | 6 +++++ + src/devices/grohtml/grohtml.man | 7 ++++++ + src/devices/grohtml/post-html.cpp | 5 ++-- + src/devices/gropdf/gropdf.man | 7 ++++++ + src/devices/gropdf/gropdf.pl | 3 ++- + src/devices/grops/grops.man | 7 ++++++ + src/devices/grops/ps.cpp | 3 ++- + src/include/curtime.h | 23 ++++++++++++++++++ + src/libs/libgroff/Makefile.sub | 2 ++ + src/libs/libgroff/curtime.cpp | 51 +++++++++++++++++++++++++++++++++++++++ + src/roff/troff/input.cpp | 3 ++- + 11 files changed, 112 insertions(+), 5 deletions(-) + create mode 100644 src/include/curtime.h + create mode 100644 src/libs/libgroff/curtime.cpp + +diff --git a/doc/groff.texinfo b/doc/groff.texinfo +index 066b5274..1d3c7a9f 100644 +--- a/doc/groff.texinfo ++++ b/doc/groff.texinfo +@@ -1453,6 +1453,12 @@ default directory (on Unix and GNU/Linux systems, this is usually + @item GROFF_TYPESETTER + @tindex GROFF_TYPESETTER@r{, environment variable} + The default output device. ++ ++@item SOURCE_DATE_EPOCH ++@tindex SOURCE_DATE_EPOCH@r{, environment variable} ++A timestamp (expressed as seconds since the Unix epoch) to use in place of ++the current time when initializing time-based built-in registers such as ++@code{\n[seconds]}. + @end table + + Note that MS-DOS and MS-Windows ports of @code{groff} use semi-colons, +diff --git a/src/devices/grohtml/grohtml.man b/src/devices/grohtml/grohtml.man +index 51eae224..4be4abbc 100644 +--- a/src/devices/grohtml/grohtml.man ++++ b/src/devices/grohtml/grohtml.man +@@ -419,6 +419,13 @@ and + for more details. + . + . ++.TP ++.SM ++.B SOURCE_DATE_EPOCH ++A timestamp (expressed as seconds since the Unix epoch) to use as the ++creation timestamp in place of the current time. ++. ++. + .\" -------------------------------------------------------------------- + .SH BUGS + .\" -------------------------------------------------------------------- +diff --git a/src/devices/grohtml/post-html.cpp b/src/devices/grohtml/post-html.cpp +index fefbf014..b5fc5167 100644 +--- a/src/devices/grohtml/post-html.cpp ++++ b/src/devices/grohtml/post-html.cpp +@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ + #include "html.h" + #include "html-text.h" + #include "html-table.h" ++#include "curtime.h" + + #include <time.h> + +@@ -5013,7 +5014,7 @@ void html_printer::do_file_components (void) + .put_string(Version_string) + .end_comment(); + +- t = time(0); ++ t = current_time(); + html.begin_comment("CreationDate: ") + .put_string(ctime(&t), strlen(ctime(&t))-1) + .end_comment(); +@@ -5126,7 +5127,7 @@ html_printer::~html_printer() + .put_string(Version_string) + .end_comment(); + +- t = time(0); ++ t = current_time(); + html.begin_comment("CreationDate: ") + .put_string(ctime(&t), strlen(ctime(&t))-1) + .end_comment(); +diff --git a/src/devices/gropdf/gropdf.man b/src/devices/gropdf/gropdf.man +index 3bbace6a..cc0c82f1 100644 +--- a/src/devices/gropdf/gropdf.man ++++ b/src/devices/gropdf/gropdf.man +@@ -1029,6 +1029,13 @@ and + for more details. + . + . ++.TP ++.SM ++.B SOURCE_DATE_EPOCH ++A timestamp (expressed as seconds since the Unix epoch) to use as the ++creation timestamp in place of the current time. ++. ++. + .\" -------------------------------------------------------------------- + .SH FILES + .\" -------------------------------------------------------------------- +diff --git a/src/devices/gropdf/gropdf.pl b/src/devices/gropdf/gropdf.pl +index 035d1238..c25c4c67 100644 +--- a/src/devices/gropdf/gropdf.pl ++++ b/src/devices/gropdf/gropdf.pl +@@ -239,13 +239,14 @@ elsif (exists($ppsz{$papersz})) + @defaultmb=@mediabox=(0,0,$ppsz{$papersz}->[0],$ppsz{$papersz}->[1]); + } + +-my (@dt)=localtime(time); ++my (@dt)=localtime($ENV{SOURCE_DATE_EPOCH} || time); + my $dt=PDFDate(\@dt); + + my %info=('Creator' => "(groff version $cfg{GROFF_VERSION})", + 'Producer' => "(gropdf version $cfg{GROFF_VERSION})", + 'ModDate' => "($dt)", + 'CreationDate' => "($dt)"); ++ + while (<>) + { + chomp; +diff --git a/src/devices/grops/grops.man b/src/devices/grops/grops.man +index 99fb7486..272c2d18 100644 +--- a/src/devices/grops/grops.man ++++ b/src/devices/grops/grops.man +@@ -1419,6 +1419,13 @@ and + for more details. + . + . ++.TP ++.SM ++.B SOURCE_DATE_EPOCH ++A timestamp (expressed as seconds since the Unix epoch) to use as the ++creation timestamp in place of the current time. ++. ++. + .\" -------------------------------------------------------------------- + .SH FILES + .\" -------------------------------------------------------------------- +diff --git a/src/devices/grops/ps.cpp b/src/devices/grops/ps.cpp +index 745a503b..03e65372 100644 +--- a/src/devices/grops/ps.cpp ++++ b/src/devices/grops/ps.cpp +@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ + #include "cset.h" + #include "nonposix.h" + #include "paper.h" ++#include "curtime.h" + + #include "ps.h" + #include <time.h> +@@ -1390,7 +1391,7 @@ ps_printer::~ps_printer() + #else + time_t + #endif +- t = time(0); ++ t = current_time(); + fputs(ctime(&t), out.get_file()); + } + for (font_pointer_list *f = font_list; f; f = f->next) { +diff --git a/src/include/curtime.h b/src/include/curtime.h +new file mode 100644 +index 00000000..a4105196 +--- /dev/null ++++ b/src/include/curtime.h +@@ -0,0 +1,23 @@ ++/* Copyright (C) 2015 Free Software Foundation, Inc. ++ ++This file is part of groff. ++ ++groff is free software; you can redistribute it and/or modify it under ++the terms of the GNU General Public License as published by the Free ++Software Foundation, either version 2 of the License, or ++(at your option) any later version. ++ ++groff is distributed in the hope that it will be useful, but WITHOUT ANY ++WARRANTY; without even the implied warranty of MERCHANTABILITY or ++FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++for more details. ++ ++The GNU General Public License version 2 (GPL2) is available in the ++internet at <http://www.gnu.org/licenses/gpl-2.0.txt>. */ ++ ++#ifdef LONG_FOR_TIME_T ++long ++#else ++time_t ++#endif ++current_time(); +diff --git a/src/libs/libgroff/Makefile.sub b/src/libs/libgroff/Makefile.sub +index 840d9934..4cb4937a 100644 +--- a/src/libs/libgroff/Makefile.sub ++++ b/src/libs/libgroff/Makefile.sub +@@ -32,6 +32,7 @@ OBJS=\ + cmap.$(OBJEXT) \ + color.$(OBJEXT) \ + cset.$(OBJEXT) \ ++ curtime.$(OBJEXT) \ + device.$(OBJEXT) \ + errarg.$(OBJEXT) \ + error.$(OBJEXT) \ +@@ -82,6 +83,7 @@ CCSRCS=\ + $(srcdir)/cmap.cpp \ + $(srcdir)/color.cpp \ + $(srcdir)/cset.cpp \ ++ $(srcdir)/curtime.cpp \ + $(srcdir)/device.cpp \ + $(srcdir)/errarg.cpp \ + $(srcdir)/error.cpp \ +diff --git a/src/libs/libgroff/curtime.cpp b/src/libs/libgroff/curtime.cpp +new file mode 100644 +index 00000000..00821b7f +--- /dev/null ++++ b/src/libs/libgroff/curtime.cpp +@@ -0,0 +1,51 @@ ++/* Copyright (C) 2015 Free Software Foundation, Inc. ++ ++This file is part of groff. ++ ++groff is free software; you can redistribute it and/or modify it under ++the terms of the GNU General Public License as published by the Free ++Software Foundation, either version 2 of the License, or ++(at your option) any later version. ++ ++groff is distributed in the hope that it will be useful, but WITHOUT ANY ++WARRANTY; without even the implied warranty of MERCHANTABILITY or ++FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++for more details. ++ ++The GNU General Public License version 2 (GPL2) is available in the ++internet at <http://www.gnu.org/licenses/gpl-2.0.txt>. */ ++ ++#include <errno.h> ++#include <limits.h> ++#include <stdlib.h> ++#include <string.h> ++#include <time.h> ++ ++#include "errarg.h" ++#include "error.h" ++ ++#ifdef LONG_FOR_TIME_T ++long ++#else ++time_t ++#endif ++current_time() ++{ ++ char *source_date_epoch = getenv("SOURCE_DATE_EPOCH"); ++ ++ if (source_date_epoch) { ++ errno = 0; ++ char *endptr; ++ long epoch = strtol(source_date_epoch, &endptr, 10); ++ ++ if ((errno == ERANGE && (epoch == LONG_MAX || epoch == LONG_MIN)) || ++ (errno != 0 && epoch == 0)) ++ fatal("$SOURCE_DATE_EPOCH: strtol: %1", strerror(errno)); ++ if (endptr == source_date_epoch) ++ fatal("$SOURCE_DATE_EPOCH: no digits found: %1", endptr); ++ if (*endptr != '\0') ++ fatal("$SOURCE_DATE_EPOCH: trailing garbage: %1", endptr); ++ return epoch; ++ } else ++ return time(0); ++} +diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp +index 9594f074..f7d2c18a 100644 +--- a/src/roff/troff/input.cpp ++++ b/src/roff/troff/input.cpp +@@ -36,6 +36,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ + #include "input.h" + #include "defs.h" + #include "unicode.h" ++#include "curtime.h" + + // Needed for getpid() and isatty() + #include "posix.h" +@@ -8138,7 +8139,7 @@ static void init_registers() + #else /* not LONG_FOR_TIME_T */ + time_t + #endif /* not LONG_FOR_TIME_T */ +- t = time(0); ++ t = current_time(); + // Use struct here to work around misfeature in old versions of g++. + struct tm *tt = localtime(&t); + set_number_reg("seconds", int(tt->tm_sec)); diff --git a/gnu/packages/patches/guile-2.2-default-utf8.patch b/gnu/packages/patches/guile-2.2-default-utf8.patch new file mode 100644 index 0000000000..3233388874 --- /dev/null +++ b/gnu/packages/patches/guile-2.2-default-utf8.patch @@ -0,0 +1,78 @@ +This hack makes Guile default to UTF-8. This avoids calls to +`iconv_open'; `iconv_open' tries to open shared objects that aren't +available during bootstrap, so using UTF-8 avoids that (and UTF-8 has +built-in conversions in glibc, too.) + +diff --git a/libguile/bytevectors.c b/libguile/bytevectors.c +index 7cd753009..de92653a4 100644 +--- a/libguile/bytevectors.c ++++ b/libguile/bytevectors.c +@@ -1918,7 +1918,7 @@ utf_encoding_name (char *name, size_t utf_width, SCM endianness) + if (scm_i_is_narrow_string (str)) \ + { \ + err = mem_iconveh (scm_i_string_chars (str), c_strlen, \ +- "ISO-8859-1", c_utf_name, \ ++ "UTF-8", c_utf_name, \ + iconveh_question_mark, NULL, \ + &c_utf, &c_utf_len); \ + if (SCM_UNLIKELY (err)) \ +diff --git a/libguile/ports.c b/libguile/ports.c +index 2a25cd58e..bdaf921ca 100644 +--- a/libguile/ports.c ++++ b/libguile/ports.c +@@ -959,7 +959,9 @@ canonicalize_encoding (const char *enc) + char *ret; + int i; + +- if (!enc || encoding_matches (enc, sym_ISO_8859_1)) ++ if (enc == NULL) ++ return sym_UTF_8; ++ if (encoding_matches (enc, sym_ISO_8859_1)) + return sym_ISO_8859_1; + if (encoding_matches (enc, sym_UTF_8)) + return sym_UTF_8; +@@ -4182,7 +4184,7 @@ scm_init_ports (void) + scm_c_define ("%default-port-conversion-strategy", + scm_make_fluid_with_default (sym_substitute)); + /* Use the locale as the default port encoding. */ +- scm_i_set_default_port_encoding (locale_charset ()); ++ scm_i_set_default_port_encoding ("UTF-8"); + + scm_c_register_extension ("libguile-" SCM_EFFECTIVE_VERSION, + "scm_init_ice_9_ports", +diff --git a/libguile/strings.c b/libguile/strings.c +index 5c49e33d8..0131e6dc8 100644 +--- a/libguile/strings.c ++++ b/libguile/strings.c +@@ -1561,7 +1561,7 @@ scm_i_default_string_failed_conversion_handler (void) + SCM + scm_from_locale_stringn (const char *str, size_t len) + { +- return scm_from_stringn (str, len, locale_charset (), ++ return scm_from_stringn (str, len, "UTF-8", + scm_i_default_string_failed_conversion_handler ()); + } + +@@ -1885,7 +1885,7 @@ char * + scm_to_locale_stringn (SCM str, size_t *lenp) + { + return scm_to_stringn (str, lenp, +- locale_charset (), ++ "UTF-8", + scm_i_default_string_failed_conversion_handler ()); + } + +@@ -2216,11 +2216,11 @@ scm_to_stringn (SCM str, size_t *lenp, const char *encoding, + len = 0; + enc = encoding; + if (enc == NULL) +- enc = "ISO-8859-1"; ++ enc = "UTF-8"; + if (scm_i_is_narrow_string (str)) + { + ret = mem_iconveh (scm_i_string_chars (str), ilen, +- "ISO-8859-1", enc, ++ "UTF-8", enc, + (enum iconv_ilseq_handler) handler, NULL, + &buf, &len); + diff --git a/gnu/packages/patches/guile-bytestructures-name-clash.patch b/gnu/packages/patches/guile-bytestructures-name-clash.patch new file mode 100644 index 0000000000..ac834dd504 --- /dev/null +++ b/gnu/packages/patches/guile-bytestructures-name-clash.patch @@ -0,0 +1,31 @@ +This patch works around a name clash between the 'cstring-pointer' module and +the 'cstring-module' variable that occurs in Guile 2.0: + + ice-9/boot-9.scm:109:20: re-exporting local variable: cstring-pointer + +--- guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm 2017-07-25 17:04:32.858289986 +0200 ++++ guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm 2017-07-25 17:04:41.130244725 +0200 +@@ -1,6 +1,6 @@ + (define-module (bytestructures guile)) + +-(import ++(use-modules + (bytestructures guile base) + (bytestructures guile vector) + (bytestructures guile struct) +@@ -8,7 +8,7 @@ + (bytestructures guile pointer) + (bytestructures guile numeric) + (bytestructures guile string) +- (bytestructures guile cstring-pointer)) ++ ((bytestructures guile cstring-pointer) #:prefix cstr:)) + (re-export + make-bytestructure-descriptor + bytestructure-descriptor? +@@ -75,5 +75,5 @@ + + bs:string + +- cstring-pointer ++ cstr:cstring-pointer + ) diff --git a/gnu/packages/patches/guile-relocatable.patch b/gnu/packages/patches/guile-relocatable.patch index 2431495f24..95bddcce88 100644 --- a/gnu/packages/patches/guile-relocatable.patch +++ b/gnu/packages/patches/guile-relocatable.patch @@ -35,11 +35,11 @@ location of the `guile' binary, allowing it to be relocated. + + module_dir = scm_gc_malloc_pointerless (strlen (prefix) + 50, "string"); + strcpy (module_dir, prefix); -+ strcat (module_dir, "/share/guile/2.0"); ++ strcat (module_dir, "/share/guile/" SCM_EFFECTIVE_VERSION); + + ccache_dir = scm_gc_malloc_pointerless (strlen (prefix) + 50, "string"); + strcpy (ccache_dir, prefix); -+ strcat (ccache_dir, "/lib/guile/2.0/ccache"); ++ strcat (ccache_dir, "/lib/guile/" SCM_EFFECTIVE_VERSION "/ccache"); + env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_PATH")); if (env && strcmp (env, "") == 0) diff --git a/gnu/packages/patches/guile-ssh-channel-finalization.patch b/gnu/packages/patches/guile-ssh-channel-finalization.patch deleted file mode 100644 index 54b5055a20..0000000000 --- a/gnu/packages/patches/guile-ssh-channel-finalization.patch +++ /dev/null @@ -1,28 +0,0 @@ -Avoid asynchronous channel finalization, which could lead to segfaults due to -libssh not being thread-safe: <https://bugs.gnu.org/26976>. - ---- guile-ssh-0.11.0/modules/ssh/dist/node.scm 2017-06-13 14:37:44.861671297 +0200 -+++ guile-ssh-0.11.0/modules/ssh/dist/node.scm 2017-06-13 14:38:02.841580565 +0200 -@@ -391,11 +391,18 @@ listens on an expected port, return #f o - "Evaluate QUOTED-EXP on the node and return the evaluated result." - (let ((repl-channel (node-open-rrepl node))) - (rrepl-skip-to-prompt repl-channel) -- (call-with-values (lambda () (rrepl-eval repl-channel quoted-exp)) -- (lambda vals -- (and (node-stop-repl-server? node) -+ (dynamic-wind -+ (const #t) -+ (lambda () -+ (rrepl-eval repl-channel quoted-exp)) -+ (lambda () -+ (when (node-stop-repl-server? node) - (node-stop-server node)) -- (apply values vals))))) -+ -+ ;; Close REPL-CHANNEL right away to prevent finalization from -+ ;; happening in another thread at the wrong time (see -+ ;; <https://bugs.gnu.org/26976>.) -+ (close-port repl-channel))))) - - (define (node-eval-1 node quoted-exp) - "Evaluate QUOTED-EXP on the node and return the evaluated result. The diff --git a/gnu/packages/patches/guile-ssh-double-free.patch b/gnu/packages/patches/guile-ssh-double-free.patch deleted file mode 100644 index 9692b81d39..0000000000 --- a/gnu/packages/patches/guile-ssh-double-free.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix a double-free or use-after-free issue with Guile-SSH used -with Guile 2.2. See <https://bugs.gnu.org/26976>. - -diff --git a/libguile-ssh/channel-type.c b/libguile-ssh/channel-type.c -index 3dd641f..0839854 100644 ---- a/libguile-ssh/channel-type.c -+++ b/libguile-ssh/channel-type.c -@@ -229,10 +229,11 @@ ptob_close (SCM channel) - ssh_channel_free (ch->ssh_channel); - } - -+ SCM_SETSTREAM (channel, NULL); -+ - #if USING_GUILE_BEFORE_2_2 - scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer"); - scm_gc_free (pt->read_buf, pt->read_buf_size, "port read buffer"); -- SCM_SETSTREAM (channel, NULL); - - return 0; - #endif -diff --git a/libguile-ssh/sftp-file-type.c b/libguile-ssh/sftp-file-type.c -index 8879924..f87cf03 100644 ---- a/libguile-ssh/sftp-file-type.c -+++ b/libguile-ssh/sftp-file-type.c -@@ -224,10 +224,11 @@ ptob_close (SCM sftp_file) - sftp_close (fd->file); - } - -+ SCM_SETSTREAM (sftp_file, NULL); -+ - #if USING_GUILE_BEFORE_2_2 - scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer"); - scm_gc_free (pt->read_buf, pt->read_buf_size, "port read buffer"); -- SCM_SETSTREAM (sftp_file, NULL); - - return 1; - #endif diff --git a/gnu/packages/patches/guile-ssh-rexec-bug.patch b/gnu/packages/patches/guile-ssh-rexec-bug.patch deleted file mode 100644 index 363fea38c9..0000000000 --- a/gnu/packages/patches/guile-ssh-rexec-bug.patch +++ /dev/null @@ -1,16 +0,0 @@ -Fix a bug whereby 'node-guile-version' would pass a node instead of -a session to 'rexec'. - -diff --git a/modules/ssh/dist/node.scm b/modules/ssh/dist/node.scm -index 9c065c7..29a3906 100644 ---- a/modules/ssh/dist/node.scm -+++ b/modules/ssh/dist/node.scm -@@ -411,7 +411,8 @@ procedure returns the 1st evaluated value if multiple values were returned." - "Get Guile version installed on a NODE, return the version string. Return - #f if Guile is not installed." - (receive (result rc) -- (rexec node "which guile > /dev/null && guile --version") -+ (rexec (node-session node) -+ "which guile > /dev/null && guile --version") - (and (zero? rc) - (car result)))) diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch new file mode 100644 index 0000000000..d76f0df369 --- /dev/null +++ b/gnu/packages/patches/heimdal-CVE-2017-11103.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-11103: + +https://orpheus-lyre.info/ +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103 +https://security-tracker.debian.org/tracker/CVE-2017-11103 + +Patch lifted from upstream source repository: + +https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea + +From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001 +From: Jeffrey Altman <jaltman@secure-endpoints.com> +Date: Wed, 12 Apr 2017 15:40:42 -0400 +Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation + +In _krb5_extract_ticket() the KDC-REP service name must be obtained from +encrypted version stored in 'enc_part' instead of the unencrypted version +stored in 'ticket'. Use of the unecrypted version provides an +opportunity for successful server impersonation and other attacks. + +Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. + +Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c +--- + lib/krb5/ticket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c +index d95d96d1b..b8d81c6ad 100644 +--- a/lib/krb5/ticket.c ++++ b/lib/krb5/ticket.c +@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context, + /* check server referral and save principal */ + ret = _krb5_principalname2krb5_principal (context, + &tmp_principal, +- rep->kdc_rep.ticket.sname, +- rep->kdc_rep.ticket.realm); ++ rep->enc_part.sname, ++ rep->enc_part.srealm); + if (ret) + goto out; + if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ +-- +2.13.3 + diff --git a/gnu/packages/patches/heimdal-CVE-2017-6594.patch b/gnu/packages/patches/heimdal-CVE-2017-6594.patch new file mode 100644 index 0000000000..714af60304 --- /dev/null +++ b/gnu/packages/patches/heimdal-CVE-2017-6594.patch @@ -0,0 +1,85 @@ +Fix CVE-2017-6594: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594 +https://security-tracker.debian.org/tracker/CVE-2017-6594 + +Patch lifted from upstream source repository: + +https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 + +To apply the patch to Heimdal 1.5.3 release tarball, the changes to 'NEWS' and +files in 'tests/' are removed, and hunk #4 of 'kdc/krb5tgs.c' is modified. + +From b1e699103f08d6a0ca46a122193c9da65f6cf837 Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni <viktor@twosigma.com> +Date: Wed, 10 Aug 2016 23:31:14 +0000 +Subject: [PATCH] Fix transit path validation CVE-2017-6594 + +Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm +to not be added to the transit path of issued tickets. This may, in +some cases, enable bypass of capath policy in Heimdal versions 1.5 +through 7.2. + +Note, this may break sites that rely on the bug. With the bug some +incomplete [capaths] worked, that should not have. These may now break +authentication in some cross-realm configurations. +--- + NEWS | 14 ++++++++++++++ + kdc/krb5tgs.c | 12 ++++++++++-- + tests/kdc/check-kdc.in | 17 +++++++++++++++++ + tests/kdc/krb5.conf.in | 4 ++++ + 4 files changed, 45 insertions(+), 2 deletions(-) + +diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c +index 6048b9c55..98503812f 100644 +--- a/kdc/krb5tgs.c ++++ b/kdc/krb5tgs.c +@@ -655,8 +655,12 @@ fix_transited_encoding(krb5_context context, + "Decoding transited encoding"); + return ret; + } ++ ++ /* ++ * If the realm of the presented tgt is neither the client nor the server ++ * realm, it is a transit realm and must be added to transited set. ++ */ + if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { +- /* not us, so add the previous realm to transited set */ + if (num_realms + 1 > UINT_MAX/sizeof(*realms)) { + ret = ERANGE; + goto free_realms; +@@ -737,6 +741,7 @@ tgs_make_reply(krb5_context context, + const char *server_name, + hdb_entry_ex *client, + krb5_principal client_principal, ++ const char *tgt_realm, + hdb_entry_ex *krbtgt, + krb5_enctype krbtgt_etype, + krb5_principals spp, +@@ -798,7 +803,7 @@ tgs_make_reply(krb5_context context, + &tgt->transited, &et, + krb5_principal_get_realm(context, client_principal), + krb5_principal_get_realm(context, server->entry.principal), +- krb5_principal_get_realm(context, krbtgt->entry.principal)); ++ tgt_realm); + if(ret) + goto out; + +@@ -1519,4 +1524,6 @@ tgs_build_reply(krb5_context context, + krb5_keyblock sessionkey; + krb5_kvno kvno; + krb5_data rspac; ++ const char *tgt_realm = /* Realm of TGT issuer */ ++ krb5_principal_get_realm(context, krbtgt->entry.principal); + +@@ -2324,6 +2331,7 @@ server_lookup: + spn, + client, + cp, ++ tgt_realm, + krbtgt_out, + tkey_sign->key.keytype, + spp, +-- +2.13.3 + diff --git a/gnu/packages/patches/intltool-perl-compatibility.patch b/gnu/packages/patches/intltool-perl-compatibility.patch new file mode 100644 index 0000000000..b895ca7cb9 --- /dev/null +++ b/gnu/packages/patches/intltool-perl-compatibility.patch @@ -0,0 +1,76 @@ +This patch fixes a regex parsing compatibility issue with Perl 5.26.0. +It manifests during the configure phase of at-spi2-core like this: + +------ +Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/^(.*)\${ <-- HERE ?([A-Z_]+)}?(.*)$/ at /gnu/store/...-intltool-0.51.0/bin/intltool-update line 1065. +------ + +Copied from Gentoo and MSYS2: + +https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-util/intltool/files/intltool-0.51.0-perl-5.26.patch?id=1105187fc65d8bf643e682fcef39620dcfd9326a +https://github.com/Alexpux/MSYS2-packages/blob/0d3f442553ae4fc8798e32cbf44c4252fa8f3c07/intltool/perl-5.22-compatibility.patch + +#diff -ruN intltool-0.51.0.orig/intltool-update.in intltool-0.51.0/intltool-update.in +#--- intltool-0.51.0.orig/intltool-update.in 2017-06-28 00:47:20.889269294 +0200 +#+++ intltool-0.51.0/intltool-update.in 2017-06-28 00:48:14.592271529 +0200 +#@@ -1068,7 +1068,7 @@ +# my $untouched = $1; +# my $sub = ""; +# # Ignore recursive definitions of variables +#- $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/; +#+ $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/; +# +# return SubstituteVariable ("$untouched$sub$rest"); +# } +--- intltool-0.51.0.orig/intltool-update.in 2015-03-09 02:39:54.000000000 +0100 ++++ intltool-0.51.0.orig/intltool-update.in 2015-06-19 01:52:07.171228154 +0200 +@@ -1062,7 +1062,7 @@ + } + } + +- if ($str =~ /^(.*)\${?([A-Z_]+)}?(.*)$/) ++ if ($str =~ /^(.*)\$\{?([A-Z_]+)}?(.*)$/) + { + my $rest = $3; + my $untouched = $1; +@@ -1068,7 +1068,7 @@ + my $untouched = $1; + my $sub = ""; + # Ignore recursive definitions of variables +- $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/; ++ $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/; + + return SubstituteVariable ("$untouched$sub$rest"); + } +@@ -1190,10 +1190,10 @@ + $name =~ s/\(+$//g; + $version =~ s/\(+$//g; + +- $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/); +- $varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/); +- $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/); +- $varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/); ++ $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/); ++ $varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/); ++ $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/); ++ $varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/); + } + + if ($conf_source =~ /^AC_INIT\(([^,\)]+),([^,\)]+)[,]?([^,\)]+)?/m) +@@ -1219,11 +1219,11 @@ + $version =~ s/\(+$//g; + $bugurl =~ s/\(+$//g if (defined $bugurl); + +- $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/); +- $varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/); +- $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/); +- $varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/); +- $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\${?\w+}?/); ++ $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/); ++ $varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/); ++ $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/); ++ $varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/); ++ $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\$\{?\w+}?/); + } + + # \s makes this not work, why? diff --git a/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch new file mode 100644 index 0000000000..ebbc0635a5 --- /dev/null +++ b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch @@ -0,0 +1,28 @@ +The patch fixes build failure of form: + ../src/alpha/osf.S:298:2: error: #error "osf.S out of sync with ffi.h" +Upstream fixed the bug in a more invasive way +but didn't have releases since 3.2.1. + +The patch is taken from Gentoo: +https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libffi/files/libffi-3.2.1-complex_alpha.patch + +--- libffi-3.2.1/src/alpha/osf.S 2015-01-16 10:46:15.000000000 +0100 ++++ libffi-3.2.1/src/alpha/osf.S 2015-01-16 10:46:24.000000000 +0100 +@@ -279,6 +279,7 @@ + .gprel32 $load_64 # FFI_TYPE_SINT64 + .gprel32 $load_none # FFI_TYPE_STRUCT + .gprel32 $load_64 # FFI_TYPE_POINTER ++ .gprel32 $load_none # FFI_TYPE_COMPLEX + + /* Assert that the table above is in sync with ffi.h. */ + +@@ -294,7 +295,8 @@ + || FFI_TYPE_SINT64 != 12 \ + || FFI_TYPE_STRUCT != 13 \ + || FFI_TYPE_POINTER != 14 \ +- || FFI_TYPE_LAST != 14 ++ || FFI_TYPE_COMPLEX != 15 \ ++ || FFI_TYPE_LAST != 15 + #error "osf.S out of sync with ffi.h" + #endif + diff --git a/gnu/packages/patches/libgit2-use-after-free.patch b/gnu/packages/patches/libgit2-use-after-free.patch deleted file mode 100644 index 580af8781a..0000000000 --- a/gnu/packages/patches/libgit2-use-after-free.patch +++ /dev/null @@ -1,24 +0,0 @@ -This patch is taken from <https://github.com/libgit2/libgit2/pull/4122>; -we need it to fix the use-after-free error in 'git_commit_extract_signature' -reported at <https://github.com/libgit2/libgit2/issues/4118>. - -From ade0d9c658fdfc68d8046935f6908f033fe7a529 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt <ps@pks.im> -Date: Mon, 13 Feb 2017 13:46:17 +0100 -Subject: [PATCH 3/3] commit: avoid possible use-after-free - -diff --git a/src/commit.c b/src/commit.c -index 89a4db1..05b70a9 100644 ---- a/src/commit.c -+++ b/src/commit.c -@@ -766,8 +766,9 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r - if (git_buf_oom(signature)) - goto oom; - -+ error = git_buf_puts(signed_data, eol+1); - git_odb_object_free(obj); -- return git_buf_puts(signed_data, eol+1); -+ return error; - } - - giterr_set(GITERR_OBJECT, "this commit is not signed"); diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch new file mode 100644 index 0000000000..6cec0c8030 --- /dev/null +++ b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch @@ -0,0 +1,63 @@ +Fix CVE-2017-10790: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790 + +Patch copied from upstream source repository: + +https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39 + +From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Thu, 22 Jun 2017 16:31:37 +0200 +Subject: [PATCH] _asn1_check_identifier: safer access to values read + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/parser_aux.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index 976ab38..786ea64 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) + if (p2 == NULL) + { + if (p->value) +- _asn1_strcpy (_asn1_identifierMissing, p->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + return ASN1_IDENTIFIER_NOT_FOUND; +@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) + if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) + { + _asn1_str_cpy (name2, sizeof (name2), node->name); +- _asn1_str_cat (name2, sizeof (name2), "."); +- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ if (p2->value) ++ { ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ } ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || + !(p2->type & CONST_ASSIGN)) +@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) + _asn1_str_cpy (name2, sizeof (name2), node->name); + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) + || !(p2->type & CONST_ASSIGN)) +-- +2.13.3 + diff --git a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch deleted file mode 100644 index 1f847ed025..0000000000 --- a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2017-6891: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891 - -Patch copied from upstream source repository: - -https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484 - -From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Thu, 18 May 2017 18:03:34 +0200 -Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node() - -This prevents a stack overflow in asn1_find_node() which -is triggered by too long variable names in the definitions -files. That means that applications have to deliberately -pass a too long 'name' constant to asn1_write_value() -and friends. Reported by Jakub Jirasek. - -Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> ---- - lib/parser_aux.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/lib/parser_aux.c b/lib/parser_aux.c -index b4a7370..976ab38 100644 ---- a/lib/parser_aux.c -+++ b/lib/parser_aux.c -@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name) - if (n_end) - { - nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ - memcpy (n, n_start, nsize); - n[nsize] = 0; - n_start = n_end; -@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name) - if (n_end) - { - nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ - memcpy (n, n_start, nsize); - n[nsize] = 0; - n_start = n_end; --- -2.13.0 - diff --git a/gnu/packages/patches/libtiff-CVE-2016-10092.patch b/gnu/packages/patches/libtiff-CVE-2016-10092.patch deleted file mode 100644 index d5fd796169..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10092.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-10092: - -http://bugzilla.maptools.org/show_bug.cgi?id=2620 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092 -https://security-tracker.debian.org/tracker/CVE-2016-10092 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore) - mode so that the output buffer is correctly incremented to avoid write - outside bounds. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1178; previous revision: 1.1177 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.47; previous revision: 1.46 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.46 -retrieving revision 1.47 -diff -u -r1.46 -r1.47 ---- libtiff/tools/tiffcrop.c 18 Nov 2016 14:58:46 -0000 1.46 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 11:35:56 -0000 1.47 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -3698,7 +3698,7 @@ - (unsigned long) strip, (unsigned long)rows); - return 0; - } -- bufp += bytes_read; -+ bufp += stripsize; - } - - return 1; diff --git a/gnu/packages/patches/libtiff-CVE-2016-10093.patch b/gnu/packages/patches/libtiff-CVE-2016-10093.patch deleted file mode 100644 index 5897ec1029..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10093.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix CVE-2016-10093: - -http://bugzilla.maptools.org/show_bug.cgi?id=2610 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093 -https://security-tracker.debian.org/tracker/CVE-2016-10093 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: fix uint32 underflow/overflow that can cause - heap-based buffer overflow. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1187; previous revision: 1.1186 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.59; previous revision: 1.58 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.58 -retrieving revision 1.59 -diff -u -r1.58 -r1.59 ---- libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 16:40:01 -0000 1.59 -@@ -1163,7 +1163,7 @@ - - static void - cpStripToTile(uint8* out, uint8* in, -- uint32 rows, uint32 cols, int outskew, int inskew) -+ uint32 rows, uint32 cols, int outskew, int64 inskew) - { - while (rows-- > 0) { - uint32 j = cols; -@@ -1320,7 +1320,7 @@ - tdata_t tilebuf; - uint32 imagew = TIFFScanlineSize(in); - uint32 tilew = TIFFTileRowSize(in); -- int iskew = imagew - tilew; -+ int64 iskew = (int64)imagew - (int64)tilew; - uint8* bufp = (uint8*) buf; - uint32 tw, tl; - uint32 row; -@@ -1348,7 +1348,7 @@ - status = 0; - goto done; - } -- if (colb + tilew > imagew) { -+ if (colb > iskew) { - uint32 width = imagew - colb; - uint32 oskew = tilew - width; - cpStripToTile(bufp + colb, diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch deleted file mode 100644 index 9018773565..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10094.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2016-10094: - -http://bugzilla.maptools.org/show_bug.cgi?id=2640 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094 -https://security-tracker.debian.org/tracker/CVE-2016-10094 - -2016-12-20 Even Rouault <even.rouault at spatialys.com> - - * tools/tiff2pdf.c: avoid potential heap-based overflow in - t2p_readwrite_pdf_image_tile(). - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1199; previous revision: 1.1198 -/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v <-- tools/tiff2pdf.c -new revision: 1.101; previous revision: 1.100 - -Index: libtiff/tools/tiff2pdf.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v -retrieving revision 1.100 -retrieving revision 1.101 -diff -u -r1.100 -r1.101 ---- libtiff/tools/tiff2pdf.c 20 Dec 2016 17:24:35 -0000 1.100 -+++ libtiff/tools/tiff2pdf.c 20 Dec 2016 17:28:17 -0000 1.101 -@@ -2895,7 +2895,7 @@ - return(0); - } - if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { -- if (count >= 4) { -+ if (count > 4) { - int retTIFFReadRawTile; - /* Ignore EOI marker of JpegTables */ - _TIFFmemcpy(buffer, jpt, count - 2); diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch deleted file mode 100644 index 3158b49360..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2017-5225.patch +++ /dev/null @@ -1,86 +0,0 @@ -Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp): - -http://bugzilla.maptools.org/show_bug.cgi?id=2656 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225 -https://security-tracker.debian.org/tracker/CVE-2017-5225 - -2017-01-11 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and - cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based -overflow. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and - http://bugzilla.maptools.org/show_bug.cgi?id=2657 - - -less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1210; previous revision: 1.1209 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.61; previous revision: 1.60 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.60 -retrieving revision 1.61 -diff -u -r1.60 -r1.61 ---- libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60 -+++ libtiff/tools/tiffcp.c 11 Jan 2017 19:26:14 -0000 1.61 -#@@ -1,4 +1,4 @@ -#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */ -#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */ -# -# /* -# * Copyright (c) 1988-1997 Sam Leffler -@@ -591,7 +591,7 @@ - static int - tiffcp(TIFF* in, TIFF* out) - { -- uint16 bitspersample, samplesperpixel = 1; -+ uint16 bitspersample = 1, samplesperpixel = 1; - uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; - copyFunc cf; - uint32 width, length; -@@ -1067,6 +1067,16 @@ - register uint32 n; - uint32 row; - tsample_t s; -+ uint16 bps = 0; -+ -+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps != 8 ) -+ { -+ TIFFError(TIFFFileName(in), -+ "Error, can only handle BitsPerSample=8 in %s", -+ "cpContig2SeparateByRow"); -+ return 0; -+ } - - inbuf = _TIFFmalloc(scanlinesizein); - outbuf = _TIFFmalloc(scanlinesizeout); -@@ -1120,6 +1130,16 @@ - register uint32 n; - uint32 row; - tsample_t s; -+ uint16 bps = 0; -+ -+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps != 8 ) -+ { -+ TIFFError(TIFFFileName(in), -+ "Error, can only handle BitsPerSample=8 in %s", -+ "cpSeparate2ContigByRow"); -+ return 0; -+ } - - inbuf = _TIFFmalloc(scanlinesizein); - outbuf = _TIFFmalloc(scanlinesizeout); -@@ -1784,7 +1804,7 @@ - uint32 w, l, tw, tl; - int bychunk; - -- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); -+ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); - if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { - fprintf(stderr, - "%s: Cannot handle different planar configuration w/ bits/sample != 8\n", diff --git a/gnu/packages/patches/libtiff-assertion-failure.patch b/gnu/packages/patches/libtiff-assertion-failure.patch deleted file mode 100644 index ef747fbdd7..0000000000 --- a/gnu/packages/patches/libtiff-assertion-failure.patch +++ /dev/null @@ -1,60 +0,0 @@ -Fix assertion failure in readSeparateTilesIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2605 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert -check. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1188; previous revision: 1.1187 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.60; previous revision: 1.59 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.59 -retrieving revision 1.60 -diff -u -r1.59 -r1.60 ---- libtiff/tools/tiffcp.c 3 Dec 2016 16:40:01 -0000 1.59 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60 -@@ -45,7 +45,6 @@ - #include <string.h> - - #include <ctype.h> --#include <assert.h> - - #ifdef HAVE_UNISTD_H - # include <unistd.h> -@@ -1393,7 +1392,12 @@ - status = 0; - goto done; - } -- assert( bps % 8 == 0 ); -+ if( (bps % 8) != 0 ) -+ { -+ TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8"); -+ status = 0; -+ goto done; -+ } - bytes_per_sample = bps/8; - - for (row = 0; row < imagelength; row += tl) { -@@ -1584,7 +1588,12 @@ - _TIFFfree(obuf); - return 0; - } -- assert( bps % 8 == 0 ); -+ if( (bps % 8) != 0 ) -+ { -+ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8"); -+ _TIFFfree(obuf); -+ return 0; -+ } - bytes_per_sample = bps/8; - - for (row = 0; row < imagelength; row += tl) { diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch deleted file mode 100644 index 2a96b68521..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch +++ /dev/null @@ -1,63 +0,0 @@ -Fix divide-by-zero in OJPEGDecodeRaw(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2611 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure -in - OJPEGPreDecode(). This will avoid a divide by zero, and potential other -issues. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1177; previous revision: 1.1176 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c -new revision: 1.66; previous revision: 1.65 - -Index: libtiff/libtiff/tif_ojpeg.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v -retrieving revision 1.65 -retrieving revision 1.66 -diff -u -r1.65 -r1.66 ---- libtiff/libtiff/tif_ojpeg.c 4 Sep 2016 21:32:56 -0000 1.65 -+++ libtiff/libtiff/tif_ojpeg.c 3 Dec 2016 11:15:18 -0000 1.66 -@@ -1,4 +1,4 @@ --/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */ -+/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */ - - /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0 - specification is now totally obsolete and deprecated for new applications and -@@ -244,6 +244,7 @@ - - typedef struct { - TIFF* tif; -+ int decoder_ok; - #ifndef LIBJPEG_ENCAP_EXTERNAL - JMP_BUF exit_jmpbuf; - #endif -@@ -722,6 +723,7 @@ - } - sp->write_curstrile++; - } -+ sp->decoder_ok = 1; - return(1); - } - -@@ -784,8 +786,14 @@ - static int - OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) - { -+ static const char module[]="OJPEGDecode"; - OJPEGState* sp=(OJPEGState*)tif->tif_data; - (void)s; -+ if( !sp->decoder_ok ) -+ { -+ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized"); -+ return 0; -+ } - if (sp->libjpeg_jpeg_query_style==0) - { - if (OJPEGDecodeRaw(tif,buf,cc)==0) diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch deleted file mode 100644 index d3f1c2b60e..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch +++ /dev/null @@ -1,104 +0,0 @@ -Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2597 -http://bugzilla.maptools.org/show_bug.cgi?id=2607 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples -tag is - missing. - Reported by Agostino sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1183; previous revision: 1.1182 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.57; previous revision: 1.56 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.56 -retrieving revision 1.57 -diff -u -r1.56 -r1.57 ---- libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -1378,7 +1378,7 @@ - uint8* bufp = (uint8*) buf; - uint32 tw, tl; - uint32 row; -- uint16 bps, bytes_per_sample; -+ uint16 bps = 0, bytes_per_sample; - - tilebuf = _TIFFmalloc(tilesize); - if (tilebuf == 0) -@@ -1387,6 +1387,12 @@ - (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); - (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); - (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps == 0 ) -+ { -+ TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample"); -+ status = 0; -+ goto done; -+ } - assert( bps % 8 == 0 ); - bytes_per_sample = bps/8; - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples -tag is - missing. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1186; previous revision: 1.1185 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.58; previous revision: 1.57 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.57 -retrieving revision 1.58 -diff -u -r1.57 -r1.58 ---- libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -1569,7 +1569,7 @@ - uint8* bufp = (uint8*) buf; - uint32 tl, tw; - uint32 row; -- uint16 bps, bytes_per_sample; -+ uint16 bps = 0, bytes_per_sample; - - obuf = _TIFFmalloc(TIFFTileSize(out)); - if (obuf == NULL) -@@ -1578,6 +1578,12 @@ - (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl); - (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw); - (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps == 0 ) -+ { -+ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample"); -+ _TIFFfree(obuf); -+ return 0; -+ } - assert( bps % 8 == 0 ); - bytes_per_sample = bps/8; - diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch deleted file mode 100644 index 823293f1cf..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch +++ /dev/null @@ -1,57 +0,0 @@ -Fix divide-by-zero in readSeparateStripsIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2619 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is -missing. - Reported by Agostina Sarubo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1180; previous revision: 1.1179 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.49; previous revision: 1.48 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.48 -retrieving revision 1.49 -diff -u -r1.48 -r1.49 ---- libtiff/tools/tiffcrop.c 3 Dec 2016 12:19:32 -0000 1.48 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 13:00:04 -0000 1.49 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -1164,7 +1164,7 @@ - tdata_t obuf; - - (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); -- (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); -+ (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps); - bytes_per_sample = (bps + 7) / 8; - if( width == 0 || - (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width || -@@ -4760,7 +4760,7 @@ - int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1; - uint32 j; - int32 bytes_read = 0; -- uint16 bps, planar; -+ uint16 bps = 0, planar; - uint32 nstrips; - uint32 strips_per_sample; - uint32 src_rowsize, dst_rowsize, rows_processed, rps; -@@ -4780,7 +4780,7 @@ - } - - memset (srcbuffs, '\0', sizeof(srcbuffs)); -- TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); - TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); - TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); - if (rps > length) diff --git a/gnu/packages/patches/libtiff-divide-by-zero.patch b/gnu/packages/patches/libtiff-divide-by-zero.patch deleted file mode 100644 index 6dbd4666cd..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix an integer overflow in TIFFReadEncodedStrip() that led to division-by-zero: - -http://bugzilla.maptools.org/show_bug.cgi?id=2596 - -2016-12-02 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in - TIFFReadEncodedStrip() that caused an integer division by zero. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1173; previous revision: 1.1172 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c -new revision: 1.50; previous revision: 1.49 -/cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v <-- libtiff/tiffiop.h -new revision: 1.90; previous revision: 1.89 - -Index: libtiff/libtiff/tif_read.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v -retrieving revision 1.49 -retrieving revision 1.50 -diff -u -r1.49 -r1.50 ---- libtiff/libtiff/tif_read.c 10 Jul 2016 18:00:21 -0000 1.49 -+++ libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50 -@@ -1,4 +1,4 @@ --/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */ -+/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -346,7 +346,7 @@ - rowsperstrip=td->td_rowsperstrip; - if (rowsperstrip>td->td_imagelength) - rowsperstrip=td->td_imagelength; -- stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip); -+ stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip); - stripinplane=(strip%stripsperplane); - plane=(uint16)(strip/stripsperplane); - rows=td->td_imagelength-stripinplane*rowsperstrip; -Index: libtiff/libtiff/tiffiop.h -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v -retrieving revision 1.89 -retrieving revision 1.90 -diff -u -r1.89 -r1.90 ---- libtiff/libtiff/tiffiop.h 23 Jan 2016 21:20:34 -0000 1.89 -+++ libtiff/libtiff/tiffiop.h 2 Dec 2016 21:56:56 -0000 1.90 -@@ -1,4 +1,4 @@ --/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */ -+/* $Id: tiffiop.h,v 1.90 2016-12-02 21:56:56 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -250,6 +250,10 @@ - #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \ - ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \ - 0U) -+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */ -+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */ -+#define TIFFhowmany_32_maxuint_compat(x, y) \ -+ (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0)) - #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3) - #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y)) - #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y))) diff --git a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch deleted file mode 100644 index 2d5e23586d..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch +++ /dev/null @@ -1,131 +0,0 @@ -Fix heap-based buffer overflow in _TIFFmemcpy(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2604 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer - overflow on generation of PixarLog / LUV compressed files, with - ColorMap, TransferFunction attached and nasty plays with bitspersample. - The fix for LUV has not been tested, but suffers from the same kind - of issue of PixarLog. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1175; previous revision: 1.1174 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v <-- libtiff/tif_luv.c -new revision: 1.44; previous revision: 1.43 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v <-- -libtiff/tif_pixarlog.c -new revision: 1.49; previous revision: 1.48 - -Index: libtiff/libtiff/tif_luv.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v -retrieving revision 1.43 -retrieving revision 1.44 -diff -u -r1.43 -r1.44 ---- libtiff/libtiff/tif_luv.c 4 Sep 2016 21:32:56 -0000 1.43 -+++ libtiff/libtiff/tif_luv.c 2 Dec 2016 23:05:51 -0000 1.44 -@@ -1,4 +1,4 @@ --/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */ -+/* $Id: tif_luv.c,v 1.44 2016-12-02 23:05:51 erouault Exp $ */ - - /* - * Copyright (c) 1997 Greg Ward Larson -@@ -158,6 +158,7 @@ - typedef struct logLuvState LogLuvState; - - struct logLuvState { -+ int encoder_state; /* 1 if encoder correctly initialized */ - int user_datafmt; /* user data format */ - int encode_meth; /* encoding method */ - int pixel_size; /* bytes per pixel */ -@@ -1552,6 +1553,7 @@ - td->td_photometric, "must be either LogLUV or LogL"); - break; - } -+ sp->encoder_state = 1; - return (1); - notsupported: - TIFFErrorExt(tif->tif_clientdata, module, -@@ -1563,19 +1565,27 @@ - static void - LogLuvClose(TIFF* tif) - { -+ LogLuvState* sp = (LogLuvState*) tif->tif_data; - TIFFDirectory *td = &tif->tif_dir; - -+ assert(sp != 0); - /* - * For consistency, we always want to write out the same - * bitspersample and sampleformat for our TIFF file, - * regardless of the data format being used by the application. - * Since this routine is called after tags have been set but - * before they have been recorded in the file, we reset them here. -+ * Note: this is really a nasty approach. See PixarLogClose - */ -- td->td_samplesperpixel = -- (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; -- td->td_bitspersample = 16; -- td->td_sampleformat = SAMPLEFORMAT_INT; -+ if( sp->encoder_state ) -+ { -+ /* See PixarLogClose. Might avoid issues with tags whose size depends -+ * on those below, but not completely sure this is enough. */ -+ td->td_samplesperpixel = -+ (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; -+ td->td_bitspersample = 16; -+ td->td_sampleformat = SAMPLEFORMAT_INT; -+ } - } - - static void -Index: libtiff/libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.48 -retrieving revision 1.49 -diff -u -r1.48 -r1.49 ---- libtiff/libtiff/tif_pixarlog.c 23 Sep 2016 22:12:18 -0000 1.48 -+++ libtiff/libtiff/tif_pixarlog.c 2 Dec 2016 23:05:51 -0000 1.49 -@@ -1,4 +1,4 @@ --/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */ -+/* $Id: tif_pixarlog.c,v 1.49 2016-12-02 23:05:51 erouault Exp $ */ - - /* - * Copyright (c) 1996-1997 Sam Leffler -@@ -1233,8 +1233,10 @@ - static void - PixarLogClose(TIFF* tif) - { -+ PixarLogState* sp = (PixarLogState*) tif->tif_data; - TIFFDirectory *td = &tif->tif_dir; - -+ assert(sp != 0); - /* In a really sneaky (and really incorrect, and untruthful, and - * troublesome, and error-prone) maneuver that completely goes against - * the spirit of TIFF, and breaks TIFF, on close, we covertly -@@ -1243,8 +1245,19 @@ - * readers that don't know about PixarLog, or how to set - * the PIXARLOGDATFMT pseudo-tag. - */ -- td->td_bitspersample = 8; -- td->td_sampleformat = SAMPLEFORMAT_UINT; -+ -+ if (sp->state&PLSTATE_INIT) { -+ /* We test the state to avoid an issue such as in -+ * http://bugzilla.maptools.org/show_bug.cgi?id=2604 -+ * What appends in that case is that the bitspersample is 1 and -+ * a TransferFunction is set. The size of the TransferFunction -+ * depends on 1<<bitspersample. So if we increase it, an access -+ * out of the buffer will happen at directory flushing. -+ * Another option would be to clear those targs. -+ */ -+ td->td_bitspersample = 8; -+ td->td_sampleformat = SAMPLEFORMAT_UINT; -+ } - } - - static void diff --git a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch deleted file mode 100644 index 68889b121b..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch +++ /dev/null @@ -1,132 +0,0 @@ -Fix heap-based buffer overflow in TIFFFillStrip(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2608 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to - instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, -rowsperstrip), - instead of a logic based on the total size of data. Which is faulty is - the total size of data is not sufficient to fill the whole image, and -thus - results in reading outside of the StripByCounts/StripOffsets arrays -when - using TIFFReadScanline(). - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608. - - * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done - for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 -since - the above change is a better fix that makes it unnecessary. - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1176; previous revision: 1.1175 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- -libtiff/tif_dirread.c -new revision: 1.205; previous revision: 1.204 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v <-- libtiff/tif_strip.c -new revision: 1.38; previous revision: 1.37 - -Index: libtiff/libtiff/tif_dirread.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v -retrieving revision 1.204 -retrieving revision 1.205 -diff -u -r1.204 -r1.205 ---- libtiff/libtiff/tif_dirread.c 16 Nov 2016 15:14:15 -0000 1.204 -+++ libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */ -+/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -5502,8 +5502,7 @@ - uint64 rowblockbytes; - uint64 stripbytes; - uint32 strip; -- uint64 nstrips64; -- uint32 nstrips32; -+ uint32 nstrips; - uint32 rowsperstrip; - uint64* newcounts; - uint64* newoffsets; -@@ -5534,18 +5533,17 @@ - return; - - /* -- * never increase the number of strips in an image -+ * never increase the number of rows per strip - */ - if (rowsperstrip >= td->td_rowsperstrip) - return; -- nstrips64 = TIFFhowmany_64(bytecount, stripbytes); -- if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */ -- return; -- nstrips32 = (uint32)nstrips64; -+ nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); -+ if( nstrips == 0 ) -+ return; - -- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64), -+ newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), - "for chopped \"StripByteCounts\" array"); -- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64), -+ newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), - "for chopped \"StripOffsets\" array"); - if (newcounts == NULL || newoffsets == NULL) { - /* -@@ -5562,18 +5560,18 @@ - * Fill the strip information arrays with new bytecounts and offsets - * that reflect the broken-up format. - */ -- for (strip = 0; strip < nstrips32; strip++) { -+ for (strip = 0; strip < nstrips; strip++) { - if (stripbytes > bytecount) - stripbytes = bytecount; - newcounts[strip] = stripbytes; -- newoffsets[strip] = offset; -+ newoffsets[strip] = stripbytes ? offset : 0; - offset += stripbytes; - bytecount -= stripbytes; - } - /* - * Replace old single strip info with multi-strip info. - */ -- td->td_stripsperimage = td->td_nstrips = nstrips32; -+ td->td_stripsperimage = td->td_nstrips = nstrips; - TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); - - _TIFFfree(td->td_stripbytecount); -Index: libtiff/libtiff/tif_strip.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v -retrieving revision 1.37 -retrieving revision 1.38 -diff -u -r1.37 -r1.38 ---- libtiff/libtiff/tif_strip.c 9 Nov 2016 23:00:49 -0000 1.37 -+++ libtiff/libtiff/tif_strip.c 3 Dec 2016 11:02:15 -0000 1.38 -@@ -1,4 +1,4 @@ --/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */ -+/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */ - - /* - * Copyright (c) 1991-1997 Sam Leffler -@@ -63,15 +63,6 @@ - TIFFDirectory *td = &tif->tif_dir; - uint32 nstrips; - -- /* If the value was already computed and store in td_nstrips, then return it, -- since ChopUpSingleUncompressedStrip might have altered and resized the -- since the td_stripbytecount and td_stripoffset arrays to the new value -- after the initial affectation of td_nstrips = TIFFNumberOfStrips() in -- tif_dirread.c ~line 3612. -- See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */ -- if( td->td_nstrips ) -- return td->td_nstrips; -- - nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 : - TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip)); - if (td->td_planarconfig == PLANARCONFIG_SEPARATE) diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch deleted file mode 100644 index f0fef08bf3..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix heap buffer overflow in tiffcp when parsing number of inks: - -http://bugzilla.maptools.org/show_bug.cgi?id=2599 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is -called, - limit the return number of inks to SamplesPerPixel, so that code that -parses - ink names doesn't go past the end of the buffer. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1184; previous revision: 1.1183 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c -new revision: 1.128; previous revision: 1.127 - -Index: libtiff/libtiff/tif_dir.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v -retrieving revision 1.127 -retrieving revision 1.128 -diff -u -r1.127 -r1.128 ---- libtiff/libtiff/tif_dir.c 25 Oct 2016 21:35:15 -0000 1.127 -+++ libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128 -@@ -1,4 +1,4 @@ --/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */ -+/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -854,6 +854,32 @@ - if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */ - return 0; - -+ if( tag == TIFFTAG_NUMBEROFINKS ) -+ { -+ int i; -+ for (i = 0; i < td->td_customValueCount; i++) { -+ uint16 val; -+ TIFFTagValue *tv = td->td_customValues + i; -+ if (tv->info->field_tag != tag) -+ continue; -+ val = *(uint16 *)tv->value; -+ /* Truncate to SamplesPerPixel, since the */ -+ /* setting code for INKNAMES assume that there are SamplesPerPixel */ -+ /* inknames. */ -+ /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ -+ if( val > td->td_samplesperpixel ) -+ { -+ TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", -+ "Truncating NumberOfInks from %u to %u", -+ val, td->td_samplesperpixel); -+ val = td->td_samplesperpixel; -+ } -+ *va_arg(ap, uint16*) = val; -+ return 1; -+ } -+ return 0; -+ } -+ - /* - * We want to force the custom code to be used for custom - * fields even if the tag happens to match a well known diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch deleted file mode 100644 index 8166c55758..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch +++ /dev/null @@ -1,60 +0,0 @@ -Fix heap-based buffer overflow in combineSeparateSamples16bits(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2621 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in - readSeparateStripsIntoBuffer() to avoid read outside of heap allocated -buffer. - Reported by Agostina Sarubo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1179; previous revision: 1.1178 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.48; previous revision: 1.47 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.47 -retrieving revision 1.48 -diff -u -r1.47 -r1.48 ---- libtiff/tools/tiffcrop.c 3 Dec 2016 11:35:56 -0000 1.47 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 12:19:32 -0000 1.48 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -4815,10 +4815,17 @@ - nstrips = TIFFNumberOfStrips(in); - strips_per_sample = nstrips /spp; - -+ /* Add 3 padding bytes for combineSeparateSamples32bits */ -+ if( (size_t) stripsize > 0xFFFFFFFFU - 3U ) -+ { -+ TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size."); -+ exit(-1); -+ } -+ - for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - srcbuffs[s] = NULL; -- buff = _TIFFmalloc(stripsize); -+ buff = _TIFFmalloc(stripsize + 3); - if (!buff) - { - TIFFError ("readSeparateStripsIntoBuffer", -@@ -4827,6 +4834,9 @@ - _TIFFfree (srcbuffs[i]); - return 0; - } -+ buff[stripsize] = 0; -+ buff[stripsize+1] = 0; -+ buff[stripsize+2] = 0; - srcbuffs[s] = buff; - } - diff --git a/gnu/packages/patches/libtiff-invalid-read.patch b/gnu/packages/patches/libtiff-invalid-read.patch deleted file mode 100644 index 92742d8757..0000000000 --- a/gnu/packages/patches/libtiff-invalid-read.patch +++ /dev/null @@ -1,64 +0,0 @@ -Fix invalid read in t2p_writeproc(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2639 - -2016-12-20 Even Rouault <even.rouault at spatialys.com> - - * tools/tiff2pdf.c: avoid potential invalid memory read in - t2p_writeproc. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1198; previous revision: 1.1197 -/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v <-- tools/tiff2pdf.c -new revision: 1.100; previous revision: 1.99 - -Index: libtiff/tools/tiff2pdf.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v -retrieving revision 1.99 -retrieving revision 1.100 -diff -u -r1.99 -r1.100 ---- libtiff/tools/tiff2pdf.c 20 Dec 2016 17:13:26 -0000 1.99 -+++ libtiff/tools/tiff2pdf.c 20 Dec 2016 17:24:35 -0000 1.100 -@@ -2896,6 +2896,7 @@ - } - if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { - if (count >= 4) { -+ int retTIFFReadRawTile; - /* Ignore EOI marker of JpegTables */ - _TIFFmemcpy(buffer, jpt, count - 2); - bufferoffset += count - 2; -@@ -2903,22 +2904,23 @@ - table_end[0] = buffer[bufferoffset-2]; - table_end[1] = buffer[bufferoffset-1]; - xuint32 = bufferoffset; -- bufferoffset -= 2; -- bufferoffset += TIFFReadRawTile( -+ bufferoffset -= 2; -+ retTIFFReadRawTile= TIFFReadRawTile( - input, - tile, - (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), - -1); -+ if( retTIFFReadRawTile < 0 ) -+ { -+ _TIFFfree(buffer); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return(0); -+ } -+ bufferoffset += retTIFFReadRawTile; - /* Overwrite SOI marker of image scan with previously */ - /* saved end of JpegTables */ - buffer[xuint32-2]=table_end[0]; - buffer[xuint32-1]=table_end[1]; -- } else { -- bufferoffset += TIFFReadRawTile( -- input, -- tile, -- (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), -- -1); - } - } - t2pWriteFile(output, (tdata_t) buffer, bufferoffset); diff --git a/gnu/packages/patches/libtiff-null-dereference.patch b/gnu/packages/patches/libtiff-null-dereference.patch deleted file mode 100644 index 8c6345b804..0000000000 --- a/gnu/packages/patches/libtiff-null-dereference.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix NULL pointer dereference in TIFFReadRawData(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2594 - - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffinfo.c: fix null pointer dereference in -r mode when - * the -image has - no StripByteCount tag. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1182; previous revision: 1.1181 -/cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v <-- tools/tiffinfo.c -new revision: 1.26; previous revision: 1.25 - -Index: libtiff/tools/tiffinfo.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v -retrieving revision 1.25 -retrieving revision 1.26 -diff -u -r1.25 -r1.26 ---- libtiff/tools/tiffinfo.c 12 Nov 2016 20:06:05 -0000 1.25 -+++ libtiff/tools/tiffinfo.c 3 Dec 2016 14:18:49 -0000 1.26 -@@ -1,4 +1,4 @@ --/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */ -+/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -417,7 +417,7 @@ - uint64* stripbc=NULL; - - TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc); -- if (nstrips > 0) { -+ if (stripbc != NULL && nstrips > 0) { - uint32 bufsize = (uint32) stripbc[0]; - tdata_t buf = _TIFFmalloc(bufsize); - tstrip_t s; diff --git a/gnu/packages/patches/libtiff-tiffcp-underflow.patch b/gnu/packages/patches/libtiff-tiffcp-underflow.patch deleted file mode 100644 index 5615cbb3e1..0000000000 --- a/gnu/packages/patches/libtiff-tiffcp-underflow.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix a integer underflow in tiffcp that led to heap overflows in -TIFFReverseBits(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2598 - -2016-12-02 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that - can cause various issues, such as buffer overflows in the library. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1174; previous revision: 1.1173 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.56; previous revision: 1.55 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.55 -retrieving revision 1.56 -diff -u -r1.55 -r1.56 ---- libtiff/tools/tiffcp.c 8 Oct 2016 15:54:57 -0000 1.55 -+++ libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -985,7 +985,7 @@ - tstrip_t s, ns = TIFFNumberOfStrips(in); - uint32 row = 0; - _TIFFmemset(buf, 0, stripsize); -- for (s = 0; s < ns; s++) { -+ for (s = 0; s < ns && row < imagelength; s++) { - tsize_t cc = (row + rowsperstrip > imagelength) ? - TIFFVStripSize(in, imagelength - row) : stripsize; - if (TIFFReadEncodedStrip(in, s, buf, cc) < 0 diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch new file mode 100644 index 0000000000..709b20c6d2 --- /dev/null +++ b/gnu/packages/patches/libunistring-gnulib-multi-core.patch @@ -0,0 +1,178 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/tests/test-lock.c b/tests/test-lock.c +index cb734b4e6..aa6de2739 100644 +--- a/tests/test-lock.c ++++ b/tests/test-lock.c +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -103,6 +110,51 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +252,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +263,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +337,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +349,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +440,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +451,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/libusb-0.1-disable-tests.patch b/gnu/packages/patches/libusb-0.1-disable-tests.patch new file mode 100644 index 0000000000..37dd8bd111 --- /dev/null +++ b/gnu/packages/patches/libusb-0.1-disable-tests.patch @@ -0,0 +1,15 @@ +Disable tests who fail because they have to run as root. + +--- libusb-0.1.12/tests/Makefile.in 2006-03-04 03:54:06.000000000 +0100 ++++ libusb-0.1.12/tests/Makefile.in 2017-07-13 16:17:45.201728019 +0200 +@@ -255,8 +255,8 @@ + hub_strings_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@ + driver_name_SOURCES = driver_name.cpp + driver_name_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@ +-TESTS = testlibusb descriptor_test id_test find_hubs find_mice \ +- get_resolution hub_strings $(OS_SPECIFIC) ++TESTS = testlibusb descriptor_test id_test find_hubs find_mice ++ #get_resolution hub_strings $(OS_SPECIFIC) + + XFAIL_TESTS = get_resolution hub_strings $(OS_SPECIFIC_XFAIL) + all: all-am diff --git a/gnu/packages/patches/lz4-fix-test-failures.patch b/gnu/packages/patches/lz4-fix-test-failures.patch deleted file mode 100644 index d38357d402..0000000000 --- a/gnu/packages/patches/lz4-fix-test-failures.patch +++ /dev/null @@ -1,136 +0,0 @@ -These two patches fix some bugs in lz4's test suite: - -https://github.com/lz4/lz4/issues/308 - -Patches copied from upstream source repository: - -https://github.com/lz4/lz4/commit/b89cac7b2e92b792af98bb0a12e4d14684d07629 -https://github.com/lz4/lz4/commit/0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481 - -From b89cac7b2e92b792af98bb0a12e4d14684d07629 Mon Sep 17 00:00:00 2001 -From: Eric Siegerman <pub08-git@davor.org> -Date: Tue, 14 Feb 2017 14:17:06 -0500 -Subject: [PATCH] Don't use "foo && false || true" - -Replace it with either: - test ! -f $FILE_THAT_SHOULD_NOT_EXIST -or: - ! $COMMAND_THAT_SHOULD_FAIL - -as appropriate. ---- - tests/Makefile | 38 +++++++++++++++++++------------------- - 1 file changed, 19 insertions(+), 19 deletions(-) - -diff --git a/tests/Makefile b/tests/Makefile -index 77e6ae7..ebab278 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -236,17 +236,17 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat - ./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t - @echo "hello world" > tmp - $(LZ4) --rm -f tmp -- ls -ls tmp && false || true # must fail (--rm) -- ls -ls tmp.lz4 -- $(PRGDIR)/lz4cat tmp.lz4 # must display hello world -- ls -ls tmp.lz4 -+ test ! -f tmp # must fail (--rm) -+ test -f tmp.lz4 -+ $(PRGDIR)/lz4cat tmp.lz4 # must display hello world -+ test -f tmp.lz4 - $(PRGDIR)/unlz4 --rm tmp.lz4 -- ls -ls tmp -- ls -ls tmp.lz4 && false || true # must fail (--rm) -- ls -ls tmp.lz4.lz4 && false || true # must fail (unlz4) -- $(PRGDIR)/lz4cat tmp # pass-through mode -- ls -ls tmp -- ls -ls tmp.lz4 && false || true # must fail (lz4cat) -+ test -f tmp -+ test ! -f tmp.lz4 # must fail (--rm) -+ test ! -f tmp.lz4.lz4 # must fail (unlz4) -+ $(PRGDIR)/lz4cat tmp # pass-through mode -+ test -f tmp -+ test ! -f tmp.lz4 # must fail (lz4cat) - $(LZ4) tmp # creates tmp.lz4 - $(PRGDIR)/lz4cat < tmp.lz4 > tmp3 # checks lz4cat works with stdin (#285) - $(DIFF) -q tmp tmp3 -@@ -262,22 +262,22 @@ test-lz4-hugefile: lz4 datagen - - test-lz4-testmode: lz4 datagen - @echo "\n ---- bench mode ----" -- $(LZ4) -bi1 -+ $(LZ4) -bi1 - @echo "\n ---- test mode ----" -- ./datagen | $(LZ4) -t && false || true -- ./datagen | $(LZ4) -tf && false || true -+ ! ./datagen | $(LZ4) -t -+ ! ./datagen | $(LZ4) -tf - @echo "\n ---- pass-through mode ----" -- ./datagen | $(LZ4) -d > $(VOID) && false || true -- ./datagen | $(LZ4) -df > $(VOID) -+ ! ./datagen | $(LZ4) -d > $(VOID) -+ ./datagen | $(LZ4) -df > $(VOID) - @echo "Hello World !" > tmp1 - $(LZ4) -dcf tmp1 - @echo "from underground..." > tmp2 - $(LZ4) -dcfm tmp1 tmp2 - @echo "\n ---- test cli ----" -- $(LZ4) file-does-not-exist && false || true -- $(LZ4) -f file-does-not-exist && false || true -- $(LZ4) -fm file1-dne file2-dne && false || true -- $(LZ4) -fm file1-dne file2-dne && false || true -+ ! $(LZ4) file-does-not-exist -+ ! $(LZ4) -f file-does-not-exist -+ ! $(LZ4) -fm file1-dne file2-dne -+ ! $(LZ4) -fm file1-dne file2-dne - - test-lz4-opt-parser: lz4 datagen - @echo "\n ---- test opt-parser ----" --- -2.12.2 - -From 0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481 Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" <ldv@altlinux.org> -Date: Sun, 5 Mar 2017 23:20:10 +0000 -Subject: [PATCH] Fix test-lz4-basic - -When no output filename is specified and stdout is not a terminal, -lz4 doesn't attempt to guess an output filename and uses stdout for -output. - -This change fixes test-lz4-basic when run without a terminal -by specifying output filenames. ---- - tests/Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tests/Makefile b/tests/Makefile -index ebab278..d68c700 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -235,19 +235,19 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat - ./datagen -g33M | $(LZ4) --no-frame-crc | $(LZ4) -t - ./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t - @echo "hello world" > tmp -- $(LZ4) --rm -f tmp -+ $(LZ4) --rm -f tmp tmp.lz4 - test ! -f tmp # must fail (--rm) - test -f tmp.lz4 - $(PRGDIR)/lz4cat tmp.lz4 # must display hello world - test -f tmp.lz4 -- $(PRGDIR)/unlz4 --rm tmp.lz4 -+ $(PRGDIR)/unlz4 --rm tmp.lz4 tmp - test -f tmp - test ! -f tmp.lz4 # must fail (--rm) - test ! -f tmp.lz4.lz4 # must fail (unlz4) - $(PRGDIR)/lz4cat tmp # pass-through mode - test -f tmp - test ! -f tmp.lz4 # must fail (lz4cat) -- $(LZ4) tmp # creates tmp.lz4 -+ $(LZ4) tmp tmp.lz4 # creates tmp.lz4 - $(PRGDIR)/lz4cat < tmp.lz4 > tmp3 # checks lz4cat works with stdin (#285) - $(DIFF) -q tmp tmp3 - $(PRGDIR)/lz4cat < tmp > tmp2 # checks lz4cat works with stdin (#285) --- -2.12.2 - diff --git a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch b/gnu/packages/patches/mesa-fix-32bit-test-failures.patch deleted file mode 100644 index e21e87cef6..0000000000 --- a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch +++ /dev/null @@ -1,58 +0,0 @@ -Fix a test failure when building for 32 bit architectures: - -http://lists.gnu.org/archive/html/guix-devel/2017-04/msg00381.html - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/mesa/mesa/commit/?id=61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8 - -From 61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8 Mon Sep 17 00:00:00 2001 -From: Grazvydas Ignotas <notasas@gmail.com> -Date: Thu, 9 Mar 2017 02:54:53 +0200 -Subject: [PATCH] util/disk_cache: fix size subtraction on 32bit - -Negating size_t on 32bit produces a 32bit result. This was effectively -adding values close to UINT_MAX to the cache size (the files are usually -small) instead of intended subtraction. -Fixes 'make check' disk_cache failures on 32bit. - -Signed-off-by: Grazvydas Ignotas <notasas@gmail.com> -Reviewed-by: Timothy Arceri <tarceri@itsqueeze.com> ---- - src/util/disk_cache.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c -index 5470688df3..facdcecf7c 100644 ---- a/src/util/disk_cache.c -+++ b/src/util/disk_cache.c -@@ -603,7 +603,7 @@ evict_random_item(struct disk_cache *cache) - free(dir_path); - - if (size) { -- p_atomic_add(cache->size, - size); -+ p_atomic_add(cache->size, - (uint64_t)size); - return; - } - -@@ -624,7 +624,7 @@ evict_random_item(struct disk_cache *cache) - free(dir_path); - - if (size) -- p_atomic_add(cache->size, - size); -+ p_atomic_add(cache->size, - (uint64_t)size); - } - - void -#@@ -646,7 +646,7 @@ disk_cache_remove(struct disk_cache *cache, const cache_key key) -# free(filename); -# -# if (sb.st_size) -#- p_atomic_add(cache->size, - sb.st_size); -#+ p_atomic_add(cache->size, - (uint64_t)sb.st_size); -# } -# -# /* From the zlib docs: --- -2.12.2 - diff --git a/gnu/packages/patches/mesa-skip-disk-cache-test.patch b/gnu/packages/patches/mesa-skip-disk-cache-test.patch index 4377110475..b3f9367fd5 100644 --- a/gnu/packages/patches/mesa-skip-disk-cache-test.patch +++ b/gnu/packages/patches/mesa-skip-disk-cache-test.patch @@ -5,16 +5,15 @@ for now. --- a/src/compiler/glsl/tests/cache_test.c +++ b/src/compiler/glsl/tests/cache_test.c -@@ -137,11 +137,6 @@ +@@ -170,11 +170,6 @@ unsetenv("MESA_GLSL_CACHE_DIR"); unsetenv("XDG_CACHE_HOME"); -- cache = disk_cache_create(); +- cache = disk_cache_create("test", "make_check"); - expect_non_null(cache, "disk_cache_create with no environment variables"); - - disk_cache_destroy(cache); - /* Test with XDG_CACHE_HOME set */ setenv("XDG_CACHE_HOME", CACHE_TEST_TMP "/xdg-cache-home", 1); - cache = disk_cache_create(); - + cache = disk_cache_create("test", "make_check"); diff --git a/gnu/packages/patches/metabat-fix-boost-issue.patch b/gnu/packages/patches/metabat-fix-boost-issue.patch new file mode 100644 index 0000000000..3382d84d66 --- /dev/null +++ b/gnu/packages/patches/metabat-fix-boost-issue.patch @@ -0,0 +1,27 @@ +This patch fixes the issue described at +https://bitbucket.org/berkeleylab/metabat/issues/28/compilation-fail-with-boost-164 + +diff --git a/src/metabat.h b/src/metabat.h +index 32ae94c..2292c04 100644 +--- a/src/metabat.h ++++ b/src/metabat.h +@@ -35,6 +35,7 @@ KSEQ_INIT(gzFile, gzread) + + #include <boost/program_options.hpp> + #include <boost/algorithm/string.hpp> ++#include <boost/serialization/array_wrapper.hpp> + #include <boost/numeric/ublas/matrix.hpp> + #include <boost/math/distributions.hpp> + #include <boost/serialization/serialization.hpp> +diff --git a/src/metabat2.h b/src/metabat2.h +index 60a9998..19fa815 100644 +--- a/src/metabat2.h ++++ b/src/metabat2.h +@@ -41,6 +41,7 @@ KSEQ_INIT(gzFile, gzread) + + #include <boost/program_options.hpp> + #include <boost/algorithm/string.hpp> ++#include <boost/serialization/array_wrapper.hpp> + #include <boost/numeric/ublas/matrix.hpp> + #include <boost/numeric/ublas/matrix_sparse.hpp> + #include <boost/numeric/ublas/matrix_proxy.hpp> diff --git a/gnu/packages/patches/metabat-fix-compilation.patch b/gnu/packages/patches/metabat-fix-compilation.patch new file mode 100644 index 0000000000..7086a96e86 --- /dev/null +++ b/gnu/packages/patches/metabat-fix-compilation.patch @@ -0,0 +1,39 @@ +This patch changes metabat so that (1) it is not build statically, (2) it uses +shared libraries rather than static libraries where possible. + +diff --git a/SConstruct b/SConstruct +index 69cdc0a..ac99bcb 100644 +--- a/SConstruct ++++ b/SConstruct +@@ -26,8 +26,6 @@ debug = ARGUMENTS.get('DEBUG', None) + build_flags = ['-Wall', '-g', '-std=c++11', '-fopenmp'] + link_flags = ['-lstdc++', '-lm', '-fopenmp'] + +-if platform.platform(True, True).find('Darwin') == -1: +- link_flags.extend(['-static', '-static-libgcc', '-static-libstdc++']) + + if debug is None: + build_flags.extend(['-O3', '-DNDEBUG', '-Wno-unknown-pragmas', '-Wno-deprecated-declarations', '-Wno-overflow', '-Wno-unused-variable']) +@@ -110,17 +108,17 @@ def findStaticOrShared( lib, testPaths, static_source_list, link_flag_list, stat + for path in testPaths: + if not os.path.isdir(path): + continue ++ for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)): ++ if os.path.isfile(testfile): ++ print "Found shared library %s as %s" % (lib, testfile) ++ link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] ) ++ return + for suffix in staticSuffixes: + testfile = '%s/lib%s%s' % (path, lib, suffix) + if os.path.isfile(testfile): + static_source_list.append(testfile) + print "Found static library %s as %s" % (lib, testfile) + return +- for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)): +- if os.path.isfile(testfile): +- print "Found shared library %s as %s" % (lib, testfile) +- link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] ) +- return + print "Could not find library for %s!!! Looked in %s" % (lib, testPaths) + return + diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch new file mode 100644 index 0000000000..8e90502469 --- /dev/null +++ b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch @@ -0,0 +1,34 @@ +Fix CVE-2017-12904: + +https://github.com/akrennmair/newsbeuter/issues/591 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12904 + +Patch copied from the Debian package of newsbeuter, version 2.9-5+deb9u1. + +Adapted from upstream source repository: + +https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 + +Description: Fix a RCE vulnerability in the bookmark command + Newsbeuter didn't properly escape the title and description fields before + passing them to the bookmarking program which could lead to remote code + execution using the shells command substitution functionality (e.g. "$()", ``, + etc) + +Origin: upstream, https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 +Last-Update: 2017-08-18 + +--- newsbeuter-2.9.orig/src/controller.cpp ++++ newsbeuter-2.9/src/controller.cpp +@@ -1274,9 +1274,10 @@ std::string controller::bookmark(const s + std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd"); + bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive"); + if (bookmark_cmd.length() > 0) { +- std::string cmdline = utils::strprintf("%s '%s' %s %s", ++ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'", + bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(), +- stfl::quote(title).c_str(), stfl::quote(description).c_str()); ++ utils::replace_all(title,"'", "%27").c_str(), ++ utils::replace_all(description,"'", "%27").c_str()); + + LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str()); diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch index a33e05fcf2..e3145aa4cf 100644 --- a/gnu/packages/patches/nss-pkgconfig.patch +++ b/gnu/packages/patches/nss-pkgconfig.patch @@ -221,5 +221,5 @@ Later adapted to apply cleanly to nss-3.21. RELEASE = nss --DIRS = coreconf lib cmd gtests -+DIRS = coreconf lib cmd gtests config +-DIRS = coreconf lib cmd cpputil gtests ++DIRS = coreconf lib cmd cpputil gtests config diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch deleted file mode 100644 index 83c9dbb3d4..0000000000 --- a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch +++ /dev/null @@ -1,43 +0,0 @@ -Fix CVE-2017-0358: -http://seclists.org/oss-sec/2017/q1/259 -This patch was copied from the above URL. - -diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c -index 0bb38f9..c6d1dad 100644 ---- a/src/lowntfs-3g.c -+++ b/src/lowntfs-3g.c -@@ -3827,13 +3827,14 @@ static fuse_fstype load_fuse_module(void) - struct stat st; - pid_t pid; - const char *cmd = "/sbin/modprobe"; -+ char *env = (char*)NULL; - struct timespec req = { 0, 100000000 }; /* 100 msec */ - fuse_fstype fstype; - - if (!stat(cmd, &st) && !geteuid()) { - pid = fork(); - if (!pid) { -- execl(cmd, cmd, "fuse", NULL); -+ execle(cmd, cmd, "fuse", NULL, &env); - _exit(1); - } else if (pid != -1) - waitpid(pid, NULL, 0); -diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c ---- ntfs-3g.old/src/ntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 -+++ ntfs-3g/src/ntfs-3g.c 2017-02-09 15:06:26.077252571 -0500 -@@ -3612,13 +3612,14 @@ - struct stat st; - pid_t pid; - const char *cmd = "/sbin/modprobe"; -+ char *env = (char*)NULL; - struct timespec req = { 0, 100000000 }; /* 100 msec */ - fuse_fstype fstype; - - if (!stat(cmd, &st) && !geteuid()) { - pid = fork(); - if (!pid) { -- execl(cmd, cmd, "fuse", NULL); -+ execle(cmd, cmd, "fuse", NULL, &env); - _exit(1); - } else if (pid != -1) - waitpid(pid, NULL, 0); diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch deleted file mode 100644 index 545b5d0a71..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch +++ /dev/null @@ -1,233 +0,0 @@ -Fix CVE-2016-9572 and CVE-2016-9573: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573 -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572 -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573 - -Patch copied from 3rd-party repository: - -https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d - -From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001 -From: szukw000 <szukw000@arcor.de> -Date: Mon, 28 Nov 2016 21:57:20 +0100 -Subject: [PATCH] Changes for issues #863 and #862 - ---- - src/bin/jp2/convert.c | 59 +++++++++++++++++++++++++++++++++++++++----- - src/bin/jp2/convertbmp.c | 29 +++++++++++++++++++++- - src/bin/jp2/opj_decompress.c | 2 +- - src/lib/openjp2/j2k.c | 11 ++++++--- - 4 files changed, 90 insertions(+), 11 deletions(-) - -diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c -index deee4f6..6a3f65b 100644 ---- a/src/bin/jp2/convert.c -+++ b/src/bin/jp2/convert.c -@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) { - for (i = 0; i < image->numcomps-1; i++) { - if ((image->comps[0].dx != image->comps[i+1].dx) - ||(image->comps[0].dy != image->comps[i+1].dy) -- ||(image->comps[0].prec != image->comps[i+1].prec)) { -+ ||(image->comps[0].prec != image->comps[i+1].prec) -+ ||(image->comps[0].sgnd != image->comps[i+1].sgnd)) { - fclose(fdest); - fprintf(stderr, "Unable to create a tga file with such J2K image charateristics."); - return 1; -@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) - int *red, *green, *blue, *alpha; - int wr, hr, max; - int i; -- unsigned int compno, ncomp; -+ unsigned int compno, ncomp, ui; - int adjustR, adjustG, adjustB, adjustA; - int fails, two, want_gray, has_alpha, triple; - int prec, v; -@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) - - if(want_gray) ncomp = 1; - -+ for (ui = 1; ui < ncomp; ++ui) { -+ if (image->comps[0].dx != image->comps[ui].dx) { -+ break; -+ } -+ if (image->comps[0].dy != image->comps[ui].dy) { -+ break; -+ } -+ if (image->comps[0].prec != image->comps[ui].prec) { -+ break; -+ } -+ if (image->comps[0].sgnd != image->comps[ui].sgnd) { -+ break; -+ } -+ } -+ if (ui != ncomp) { -+ fprintf(stderr,"imagetopnm: All components\n shall have " -+ "the same subsampling, same bit depth, same sign.\n" -+ " Aborting\n"); -+ return 1; -+ } -+ - if ((force_split == 0) && - (ncomp == 2 /* GRAYA */ - || (ncomp > 2 /* RGB, RGBA */ -@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL - { - FILE *rawFile = NULL; - size_t res; -- unsigned int compno; -+ unsigned int compno, numcomps; - int w, h, fails; - int line, row, curr, mask; - int *ptr; -@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL - return 1; - } - -+ numcomps = image->numcomps; -+ -+ if (numcomps > 4) { -+ numcomps = 4; -+ } -+ for (compno = 1; compno < numcomps; ++compno) { -+ if (image->comps[0].dx != image->comps[compno].dx) { -+ break; -+ } -+ if (image->comps[0].dy != image->comps[compno].dy) { -+ break; -+ } -+ if (image->comps[0].prec != image->comps[compno].prec) { -+ break; -+ } -+ if (image->comps[0].sgnd != image->comps[compno].sgnd) { -+ break; -+ } -+ } -+ if (compno != numcomps) { -+ fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n"); -+ fprintf(stderr,"\tAborting\n"); -+ return 1; -+ } -+ - rawFile = fopen(outfile, "wb"); - if (!rawFile) { - fprintf(stderr, "Failed to open %s for writing !!\n", outfile); -@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL - } - - fails = 1; -- fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps); -+ fprintf(stdout,"Raw image characteristics: %d components\n", numcomps); - -- for(compno = 0; compno < image->numcomps; compno++) -+ for(compno = 0; compno < numcomps; compno++) - { - fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w, - image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned"); -@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL - } - else if (image->comps[compno].prec <= 32) - { -- fprintf(stderr,"More than 16 bits per component no handled yet\n"); -+ fprintf(stderr,"More than 16 bits per component not handled yet\n"); - goto fin; - } - else -diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c -index ae83077..8017ba8 100644 ---- a/src/bin/jp2/convertbmp.c -+++ b/src/bin/jp2/convertbmp.c -@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) { - FILE *fdest = NULL; - int adjustR, adjustG, adjustB; - -+ { -+ unsigned int ui, ncomp = image->numcomps; -+ -+ if (ncomp > 4) { /* RGBA in bmpmask32toimage */ -+ ncomp = 4; -+ } -+ for (ui = 1; ui < ncomp; ++ui) { -+ if (image->comps[0].dx != image->comps[ui].dx) { -+ break; -+ } -+ if (image->comps[0].dy != image->comps[ui].dy) { -+ break; -+ } -+ if (image->comps[0].prec != image->comps[ui].prec) { -+ break; -+ } -+ if (image->comps[0].sgnd != image->comps[ui].sgnd) { -+ break; -+ } -+ } -+ if (ui != ncomp) { -+ fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n"); -+ fprintf(stderr,"\tAborting\n"); -+ return 1; -+ } -+ -+ } - if (image->comps[0].prec < 8) { -- fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec); -+ fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec); - return 1; - } - if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx -diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c -index 83160c3..c30079b 100644 ---- a/src/bin/jp2/opj_decompress.c -+++ b/src/bin/jp2/opj_decompress.c -@@ -1607,7 +1607,7 @@ int main(int argc, char **argv) - if(dirptr->filename_buf) free(dirptr->filename_buf); - free(dirptr); - } -- if (numDecompressedImages) { -+ if (numDecompressedImages && !failed) { - fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages)); - } - return failed ? EXIT_FAILURE : EXIT_SUCCESS; -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index 66802bb..b6daa32 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, - i, l_img_comp->dx, l_img_comp->dy); - return OPJ_FALSE; - } -- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ -+ if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ - opj_event_msg(p_manager, EVT_ERROR, - "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n", - i, l_img_comp->prec); -@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, - /* Move data and copy one information from codec to output image*/ - for (compno = 0; compno < p_image->numcomps; compno++) { - p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded; -- p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; -+ p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; -+ -+ if(p_image->comps[compno].data == NULL) return OPJ_FALSE; -+ -+ p_j2k->m_output_image->comps[compno].data = NULL; - #if 0 - char fn[256]; - sprintf( fn, "/tmp/%d.raw", compno ); -@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, - fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug ); - fclose( debug ); - #endif -- p_j2k->m_output_image->comps[compno].data = NULL; - } - - return OPJ_TRUE; -@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k, - - p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; - -+ if (p_image->comps[compno].data == NULL) return OPJ_FALSE; -+ - p_j2k->m_output_image->comps[compno].data = NULL; - } - diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch deleted file mode 100644 index 3f637fa88b..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch +++ /dev/null @@ -1,245 +0,0 @@ -From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001 -From: szukw000 <szukw000@arcor.de> -Date: Fri, 9 Dec 2016 08:29:55 +0100 -Subject: [PATCH] These changes repair bugs of #871 and #872 - -email from http://openwall.com/lists/oss-security/2016/12/09/4 -patch is against openjpeg-2.1.2, applies cleanly to 2.1.1. - ---- - src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++---------------- - 1 file changed, 70 insertions(+), 37 deletions(-) - -diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c -index 143d3be..c690f8b 100644 ---- a/src/bin/jp2/converttif.c -+++ b/src/bin/jp2/converttif.c -@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len - - int imagetotif(opj_image_t * image, const char *outfile) - { -- int width, height; -- int bps,adjust, sgnd; -- int tiPhoto; -+ uint32 width, height, bps, tiPhoto; -+ int adjust, sgnd; - TIFF *tif; - tdata_t buf; -- tsize_t strip_size; -+ tmsize_t strip_size, rowStride; - OPJ_UINT32 i, numcomps; -- OPJ_SIZE_T rowStride; - OPJ_INT32* buffer32s = NULL; - OPJ_INT32 const* planes[4]; - convert_32s_PXCX cvtPxToCx = NULL; - convert_32sXXx_C1R cvt32sToTif = NULL; - -- bps = (int)image->comps[0].prec; -+ bps = (uint32)image->comps[0].prec; - planes[0] = image->comps[0].data; - - numcomps = image->numcomps; -@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile) - break; - } - sgnd = (int)image->comps[0].sgnd; -- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0; -- width = (int)image->comps[0].w; -- height = (int)image->comps[0].h; -+ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0; -+ width = (uint32)image->comps[0].w; -+ height = (uint32)image->comps[0].h; - - TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width); - TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height); -- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps); -+ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps); - TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps); - TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT); - TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); -@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile) - TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); - - strip_size = TIFFStripSize(tif); -- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U; -- if (rowStride != (OPJ_SIZE_T)strip_size) { -+ rowStride = (width * numcomps * bps + 7U) / 8U; -+ if (rowStride != strip_size) { - fprintf(stderr, "Invalid TIFF strip size\n"); - TIFFClose(tif); - return 1; -@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile) - TIFFClose(tif); - return 1; - } -- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32)); -+ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32))); - if (buffer32s == NULL) { - _TIFFfree(buf); - TIFFClose(tif); -@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - TIFF *tif; - tdata_t buf; - tstrip_t strip; -- tsize_t strip_size; -+ tmsize_t strip_size; - int j, currentPlane, numcomps = 0, w, h; - OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN; - opj_image_cmptparm_t cmptparm[4]; /* RGBA */ - opj_image_t *image = NULL; - int has_alpha = 0; -- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC; -- unsigned int tiWidth, tiHeight; -+ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight; - OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz); - convert_XXx32s_C1R cvtTifTo32s = NULL; - convert_32s_CXPX cvtCxToPx = NULL; - OPJ_INT32* buffer32s = NULL; - OPJ_INT32* planes[4]; -- OPJ_SIZE_T rowStride; -+ tmsize_t rowStride; - - tif = TIFFOpen(filename, "r"); - -@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp); - TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto); - TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC); -- w= (int)tiWidth; -- h= (int)tiHeight; -- -- if(tiBps > 16U) { -- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps); -- fprintf(stderr,"\tAborting\n"); -+ -+ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */ -+ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n" -+ "\tAborting.\n", tiSpp); -+ TIFFClose(tif); -+ return NULL; -+ } -+ if(tiBps > 16U || tiBps == 0) { -+ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n" -+ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps); - TIFFClose(tif); - return NULL; - } - if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) { -- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); -+ fprintf(stderr,"tiftoimage: Bad color format %d.\n" -+ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); - fprintf(stderr,"\tAborting\n"); - TIFFClose(tif); - return NULL; - } -- -+ if(tiWidth == 0 || tiHeight == 0) { -+ fprintf(stderr,"tiftoimage: Bad values for width(%u) " -+ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight); -+ TIFFClose(tif); -+ return NULL; -+ } -+ w= (int)tiWidth; -+ h= (int)tiHeight; -+ - switch (tiBps) { - case 1: - case 2: -@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - - TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES, - &extrasamples, &sampleinfo); -- -+ - if(extrasamples >= 1) - { - switch(sampleinfo[0]) -@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - else /* extrasamples == 0 */ - if(tiSpp == 4 || tiSpp == 2) has_alpha = 1; - } -- -+ - /* initialize image components */ - memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t)); - -@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - } else { - is_cinema = 0U; - } -- -+ - if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */ - { - numcomps = 3 + has_alpha; -@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - image->x0 = (OPJ_UINT32)parameters->image_offset_x0; - image->y0 = (OPJ_UINT32)parameters->image_offset_y0; - image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 : -- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; -+ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; -+ if(image->x1 <= image->x0) { -+ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. " -+ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } - image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 : -- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; -- -+ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; -+ if(image->y1 <= image->y0) { -+ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. " -+ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } -+ - for(j = 0; j < numcomps; j++) - { - planes[j] = image->comps[j].data; -@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1)); - - strip_size = TIFFStripSize(tif); -- -+ - buf = _TIFFmalloc(strip_size); - if (buf == NULL) { - TIFFClose(tif); - opj_image_destroy(image); - return NULL; - } -- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U; -- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32)); -+ rowStride = (w * tiSpp * tiBps + 7U) / 8U; -+ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32))); - if (buffer32s == NULL) { - _TIFFfree(buf); - TIFFClose(tif); -@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++) - { - const OPJ_UINT8 *dat8; -- OPJ_SIZE_T ssize; -+ tmsize_t ssize; - -- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size); -+ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size); -+ if(ssize < 1 || ssize > strip_size) { -+ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) " -+ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size); -+ _TIFFfree(buf); -+ _TIFFfree(buffer32s); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } - dat8 = (const OPJ_UINT8*)buf; -- -+ - while (ssize >= rowStride) { - cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp); - cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w); diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch new file mode 100644 index 0000000000..3929a73570 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch @@ -0,0 +1,28 @@ +http://openwall.com/lists/oss-security/2017/08/21/1 +https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch + +From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 14 Aug 2017 17:26:58 +0200 +Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 + (#983) + +--- + src/bin/jp2/convertbmp.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index b49e7a080..2715fdf24 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) + + header->biBitCount = (OPJ_UINT16)getc(IN); + header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); ++ if (header->biBitCount == 0) { ++ fprintf(stderr, "Error, invalid biBitCount %d\n", 0); ++ return OPJ_FALSE; ++ } + + if (header->biSize >= 40U) { + header->biCompression = (OPJ_UINT32)getc(IN); diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch new file mode 100644 index 0000000000..74613cb632 --- /dev/null +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch @@ -0,0 +1,62 @@ +Fix CVE-2017-10788: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788 + +Patch written to match corrected documentation specifications: + +Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html +New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html + +The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-312420660. + +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 +From: Pali <pali@cpan.org> +Date: Sun, 25 Jun 2017 10:07:39 +0200 +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() + +Ignore return value from mysql_stmt_close() and also its error message +because it points to freed memory after mysql_stmt_close() was called. +--- + dbdimp.c | 8 ++------ + mysql.xs | 7 ++----- + 2 files changed, 4 insertions(+), 11 deletions(-) + +diff --git a/dbdimp.c b/dbdimp.c +index c60a5f6..a6410e5 100644 +--- a/dbdimp.c ++++ b/dbdimp.c +@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) { + + if (imp_sth->stmt) + { +- if (mysql_stmt_close(imp_sth->stmt)) +- { +- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt), +- mysql_stmt_error(imp_sth->stmt), +- mysql_stmt_sqlstate(imp_sth->stmt)); +- } ++ mysql_stmt_close(imp_sth->stmt); ++ imp_sth->stmt= NULL; + } + #endif + +diff --git a/mysql.xs b/mysql.xs +index 55376e1..affde59 100644 +--- a/mysql.xs ++++ b/mysql.xs +@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...) + if (bind) + Safefree(bind); + +- if(mysql_stmt_close(stmt)) +- { +- fprintf(stderr, "\n failed while closing the statement"); +- fprintf(stderr, "\n %s", mysql_stmt_error(stmt)); +- } ++ mysql_stmt_close(stmt); ++ stmt= NULL; + + if (retval == -2) /* -2 means error */ + { +-- +1.7.9.5 diff --git a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch b/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch deleted file mode 100644 index 16f136fb54..0000000000 --- a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch +++ /dev/null @@ -1,23 +0,0 @@ -Disable a test that fails with openssl-1.0.2b. - ---- Net-SSLeay-1.68/t/local/33_x509_create_cert.t.orig 2014-06-07 02:01:39.000000000 -0400 -+++ Net-SSLeay-1.68/t/local/33_x509_create_cert.t 2015-06-12 03:38:57.620286888 -0400 -@@ -2,7 +2,7 @@ - - use strict; - use warnings; --use Test::More tests => 123; -+use Test::More tests => 122; - use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/; - use File::Spec; - use utf8; -@@ -101,7 +101,8 @@ - like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); - - ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname"); -- like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); -+ # This test fails with openssl-1.0.2b -+ #like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); - - is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex"); - diff --git a/gnu/packages/patches/perl-no-sys-dirs.patch b/gnu/packages/patches/perl-no-sys-dirs.patch index da91fef3b4..31d53e0353 100644 --- a/gnu/packages/patches/perl-no-sys-dirs.patch +++ b/gnu/packages/patches/perl-no-sys-dirs.patch @@ -1,6 +1,7 @@ Don't look for headers and libraries in "traditional" locations. -Patch from Nixpkgs by Eelco Dolstra <eelco.dolstra@logicblox.com>. +Patch adapted from Nixpkgs, originally by Eelco Dolstra +<eelco.dolstra@logicblox.com>. diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/Configure perl-5.20.0/Configure --- perl-5.20.0-orig/Configure 2014-05-26 15:34:18.000000000 +0200 @@ -185,39 +186,6 @@ diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/li case "$plibpth" in '') plibpth=`LANG=C LC_ALL=C $gcc $ccflags $ldflags -print-search-dirs | grep libraries | cut -f2- -d= | tr ':' $trnl | grep -v 'gcc' | sed -e 's:/$::'` -@@ -178,32 +159,6 @@ - ;; - esac - --case "$libc" in --'') --# If you have glibc, then report the version for ./myconfig bug reporting. --# (Configure doesn't need to know the specific version since it just uses --# gcc to load the library for all tests.) --# We don't use __GLIBC__ and __GLIBC_MINOR__ because they --# are insufficiently precise to distinguish things like --# libc-2.0.6 and libc-2.0.7. -- for p in $plibpth -- do -- for trylib in libc.so.6 libc.so -- do -- if $test -e $p/$trylib; then -- libc=`ls -l $p/$trylib | awk '{print $NF}'` -- if $test "X$libc" != X; then -- break -- fi -- fi -- done -- if $test "X$libc" != X; then -- break -- fi -- done -- ;; --esac -- - # Are we using ELF? Thanks to Kenneth Albanowski <kjahds@kjahds.com> - # for this test. - cat >try.c <<'EOM' @@ -367,33 +322,6 @@ ;; esac @@ -252,3 +220,40 @@ diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/li # Linux on Synology. if [ -f /etc/synoinfo.conf -a -d /usr/syno ]; then # Tested on Synology DS213 and DS413 +diff --git a/hints/linux.sh b/hints/linux.sh +index 3f38ea0..97aed11 100644 +--- a/hints/linux.sh ++++ b/hints/linux.sh +@@ -195,32 +195,6 @@ case "$usequadmath" in + ;; + esac + +-case "$libc" in +-'') +-# If you have glibc, then report the version for ./myconfig bug reporting. +-# (Configure doesn't need to know the specific version since it just uses +-# gcc to load the library for all tests.) +-# We don't use __GLIBC__ and __GLIBC_MINOR__ because they +-# are insufficiently precise to distinguish things like +-# libc-2.0.6 and libc-2.0.7. +- for p in $plibpth +- do +- for trylib in libc.so.6 libc.so +- do +- if $test -e $p/$trylib; then +- libc=`ls -l $p/$trylib | awk '{print $NF}'` +- if $test "X$libc" != X; then +- break +- fi +- fi +- done +- if $test "X$libc" != X; then +- break +- fi +- done +- ;; +-esac +- + if ${sh:-/bin/sh} -c exit; then + echo '' + echo 'You appear to have a working bash. Good.' diff --git a/gnu/packages/patches/poppler-CVE-2017-9776.patch b/gnu/packages/patches/poppler-CVE-2017-9776.patch deleted file mode 100644 index 17a2807171..0000000000 --- a/gnu/packages/patches/poppler-CVE-2017-9776.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2017-9776: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776 -https://bugs.freedesktop.org/show_bug.cgi?id=101541 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc - -From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid <aacid@kde.org> -Date: Wed, 21 Jun 2017 00:55:20 +0200 -Subject: [PATCH] Fix crash in malformed documents - ---- - poppler/JBIG2Stream.cc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc -index 48535883..d89108c8 100644 ---- a/poppler/JBIG2Stream.cc -+++ b/poppler/JBIG2Stream.cc -@@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, - oneByte = x0 == ((x1 - 1) & ~7); - - for (yy = y0; yy < y1; ++yy) { -- if (unlikely(y + yy) >= h) -+ if (unlikely((y + yy >= h) || (y + yy < 0))) - continue; - - // one byte per line -- need to mask both left and right side --- -2.13.2 - diff --git a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch deleted file mode 100644 index 353a16e322..0000000000 --- a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch +++ /dev/null @@ -1,61 +0,0 @@ -Copied from: - - https://cgit.freedesktop.org/poppler/poppler/patch/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a - -From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid <aacid@kde.org> -Date: Sat, 27 May 2017 00:09:17 +0200 -Subject: pdfunite: Fix crash with broken documents - -Sometimes we can't parse pages so check before accessing them - -Thanks to Jiaqi Peng for the report - -Fixes bugs #101153 and #101149 - -diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc -index dfe48bf..c32e201 100644 ---- a/utils/pdfunite.cc -+++ b/utils/pdfunite.cc -@@ -7,7 +7,7 @@ - // Copyright (C) 2011-2015, 2017 Thomas Freitag <Thomas.Freitag@alfa.de> - // Copyright (C) 2012 Arseny Solokha <asolokha@gmx.com> - // Copyright (C) 2012 Fabio D'Urso <fabiodurso@hotmail.it> --// Copyright (C) 2012, 2014 Albert Astals Cid <aacid@kde.org> -+// Copyright (C) 2012, 2014, 2017 Albert Astals Cid <aacid@kde.org> - // Copyright (C) 2013 Adrian Johnson <ajohnson@redneon.com> - // Copyright (C) 2013 Hib Eris <hib@hiberis.nl> - // Copyright (C) 2015 Arthur Stavisky <vovodroid@gmail.com> -@@ -268,15 +268,15 @@ int main (int argc, char *argv[]) - catDict->lookup("OutputIntents", &intents); - catDict->lookupNF("AcroForm", &afObj); - Ref *refPage = docs[0]->getCatalog()->getPageRef(1); -- if (!afObj.isNull()) { -+ if (!afObj.isNull() && refPage) { - docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, refPage->num); - } - catDict->lookupNF("OCProperties", &ocObj); -- if (!ocObj.isNull() && ocObj.isDict()) { -+ if (!ocObj.isNull() && ocObj.isDict() && refPage) { - docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, refPage->num, refPage->num); - } - catDict->lookup("Names", &names); -- if (!names.isNull() && names.isDict()) { -+ if (!names.isNull() && names.isDict() && refPage) { - docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, refPage->num, refPage->num); - } - if (intents.isArray() && intents.arrayGetLength() > 0) { -@@ -353,6 +353,10 @@ int main (int argc, char *argv[]) - - for (i = 0; i < (int) docs.size(); i++) { - for (j = 1; j <= docs[i]->getNumPages(); j++) { -+ if (!docs[i]->getCatalog()->getPage(j)) { -+ continue; -+ } -+ - PDFRectangle *cropBox = NULL; - if (docs[i]->getCatalog()->getPage(j)->isCropped()) - cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox(); --- -cgit v0.10.2 - diff --git a/gnu/packages/patches/python-cython-fix-tests-32bit.patch b/gnu/packages/patches/python-cython-fix-tests-32bit.patch deleted file mode 100644 index 7ccc11dd4c..0000000000 --- a/gnu/packages/patches/python-cython-fix-tests-32bit.patch +++ /dev/null @@ -1,27 +0,0 @@ -This fixes a test failure on 32-bit platforms. - -Upstream bug URL: https://github.com/cython/cython/issues/1548 - -Patch copied from upstream source repository: - -https://github.com/cython/cython/commit/d92a718a26c9354fbf35f31a17de5c069865a447 - -From d92a718a26c9354fbf35f31a17de5c069865a447 Mon Sep 17 00:00:00 2001 -From: Robert Bradshaw <robertwb@gmail.com> -Date: Tue, 24 Jan 2017 16:57:00 -0800 -Subject: [PATCH] Normalize possible L suffix. - ---- - tests/run/cpdef_enums.pyx | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/run/cpdef_enums.pyx b/tests/run/cpdef_enums.pyx -index 167c762..c264ec5 100644 ---- a/tests/run/cpdef_enums.pyx -+++ b/tests/run/cpdef_enums.pyx -@@ -93,4 +93,4 @@ def verify_resolution_GH1533(): - 3 - """ - THREE = 100 -- return PyxEnum.THREE -+ return int(PyxEnum.THREE) diff --git a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch b/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch deleted file mode 100644 index cb60896fad..0000000000 --- a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch +++ /dev/null @@ -1,36 +0,0 @@ -These tests fail on 32-bit due to an overflow. - -Upstream bug URL: https://github.com/joke2k/faker/issues/408 - -diff --git a/faker/tests/__init__.py b/faker/tests/__init__.py -index 6026772..58b6b83 100644 ---- a/faker/tests/__init__.py -+++ b/faker/tests/__init__.py -@@ -384,7 +384,6 @@ class FactoryTestCase(unittest.TestCase): - provider = Provider - # test century - self.assertTrue(self._datetime_to_time(provider.date_time_this_century(after_now=False)) <= self._datetime_to_time(datetime.datetime.now())) -- self.assertTrue(self._datetime_to_time(provider.date_time_this_century(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now())) - # test decade - self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(after_now=False)) <= self._datetime_to_time(datetime.datetime.now())) - self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now())) -@@ -413,8 +412,6 @@ class FactoryTestCase(unittest.TestCase): - - # ensure all methods provide timezone aware datetimes - with self.assertRaises(TypeError): -- provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now() -- with self.assertRaises(TypeError): - provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now() - with self.assertRaises(TypeError): - provider.date_time_this_year(after_now=False, tzinfo=utc) <= datetime.datetime.now() -@@ -423,7 +420,6 @@ class FactoryTestCase(unittest.TestCase): - - # test century - self.assertTrue(provider.date_time_this_century(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc)) -- self.assertTrue(provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc)) - # test decade - self.assertTrue(provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc)) - self.assertTrue(provider.date_time_this_decade(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc)) --- -2.11.1 - diff --git a/gnu/packages/patches/python-file-double-encoding-bug.patch b/gnu/packages/patches/python-file-double-encoding-bug.patch deleted file mode 100644 index bbe825c36a..0000000000 --- a/gnu/packages/patches/python-file-double-encoding-bug.patch +++ /dev/null @@ -1,50 +0,0 @@ -Fix bug that breaks file's Python bindings when using Python 3. This patch -should not be applied when using Python 2. - -Copied from upstream source repository: - -https://github.com/file/file/commit/73e043d2a986234b187a00ed0c8d1f7bf83df372 - -From 73e043d2a986234b187a00ed0c8d1f7bf83df372 Mon Sep 17 00:00:00 2001 -From: Christos Zoulas <christos@zoulas.com> -Date: Tue, 28 Jun 2016 17:10:22 +0000 -Subject: [PATCH] PR/562: Reiner Herrmann: Avoid double encoding with python3 - ---- - python/magic.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/python/magic.py b/python/magic.py -index c48f7d5..b0f7a17 100644 ---- a/python/magic.py -+++ b/python/magic.py -@@ -134,7 +134,7 @@ class Magic(object): - if isinstance(r, str): - return r - else: -- return str(r).encode('utf-8') -+ return str(r, 'utf-8') - - def descriptor(self, fd): - """ -@@ -152,7 +152,7 @@ class Magic(object): - if isinstance(r, str): - return r - else: -- return str(r).encode('utf-8') -+ return str(r, 'utf-8') - - def error(self): - """ -@@ -163,7 +163,7 @@ class Magic(object): - if isinstance(e, str): - return e - else: -- return str(e).encode('utf-8') -+ return str(e, 'utf-8') - - def setflags(self, flags): - """ --- -2.10.1 - diff --git a/gnu/packages/patches/python-pbr-fix-man-page-support.patch b/gnu/packages/patches/python-pbr-fix-man-page-support.patch deleted file mode 100644 index b9036f5b01..0000000000 --- a/gnu/packages/patches/python-pbr-fix-man-page-support.patch +++ /dev/null @@ -1,28 +0,0 @@ -See: https://bugs.launchpad.net/oslosphinx/+bug/1661861 -diff -ur orig/pbr-1.10.0/pbr/builddoc.py pbr-1.10.0/pbr/builddoc.py ---- orig/pbr-1.10.0/pbr/builddoc.py 2016-05-23 21:38:18.000000000 +0200 -+++ pbr-1.10.0/pbr/builddoc.py 2017-02-18 14:01:37.424434317 +0100 -@@ -138,7 +138,8 @@ - sphinx_config.init_values(warnings.warn) - else: - sphinx_config.init_values() -- if self.builder == 'man' and len(sphinx_config.man_pages) == 0: -+ if self.builder == 'man' and len( -+ getattr(sphinx_config, 'man_pages', '')) == 0: - return - app = application.Sphinx( - self.source_dir, self.config_dir, -diff -ur orig/pbr-1.10.0/pbr/util.py pbr-1.10.0/pbr/util.py ---- orig/pbr-1.10.0/pbr/util.py 2016-05-23 21:38:18.000000000 +0200 -+++ pbr-1.10.0/pbr/util.py 2017-02-18 15:36:32.951196795 +0100 -@@ -211,7 +211,9 @@ - parser.read(path) - config = {} - for section in parser.sections(): -- config[section] = dict(parser.items(section)) -+ config[section] = dict() -+ for k, value in parser.items(section): -+ config[section][k.replace('-', '_')] = value - - # Run setup_hooks, if configured - setup_hooks = has_get_option(config, 'global', 'setup_hooks') diff --git a/gnu/packages/patches/python-pygit2-disable-network-tests.patch b/gnu/packages/patches/python-pygit2-disable-network-tests.patch index e46d244807..5578e4c375 100644 --- a/gnu/packages/patches/python-pygit2-disable-network-tests.patch +++ b/gnu/packages/patches/python-pygit2-disable-network-tests.patch @@ -1,64 +1,43 @@ Disable tests trying to look up remote servers. diff --git a/test/test_credentials.py b/test/test_credentials.py -index 92482d9..9a281e5 100644 --- a/test/test_credentials.py +++ b/test/test_credentials.py -@@ -68,39 +68,5 @@ class CredentialCreateTest(utils.NoRepoTestCase): +@@ -68,6 +68,7 @@ class CredentialCreateTest(utils.NoRepoTestCase): self.assertEqual((username, None, None, None), cred.credential_tuple) --class CredentialCallback(utils.RepoTestCase): -- def test_callback(self): -- class MyCallbacks(pygit2.RemoteCallbacks): -- @staticmethod -- def credentials(url, username, allowed): -- self.assertTrue(allowed & GIT_CREDTYPE_USERPASS_PLAINTEXT) -- raise Exception("I don't know the password") -- -- url = "https://github.com/github/github" -- remote = self.repo.create_remote("github", url) -- -- self.assertRaises(Exception, lambda: remote.fetch(callbacks=MyCallbacks())) -- -- def test_bad_cred_type(self): -- class MyCallbacks(pygit2.RemoteCallbacks): -- @staticmethod -- def credentials(url, username, allowed): -- self.assertTrue(allowed & GIT_CREDTYPE_USERPASS_PLAINTEXT) -- return Keypair("git", "foo.pub", "foo", "sekkrit") -- -- url = "https://github.com/github/github" -- remote = self.repo.create_remote("github", url) -- self.assertRaises(TypeError, lambda: remote.fetch(callbacks=MyCallbacks())) -- --class CallableCredentialTest(utils.RepoTestCase): -- -- def test_user_pass(self): -- credentials = UserPass("libgit2", "libgit2") -- callbacks = pygit2.RemoteCallbacks(credentials=credentials) -- -- url = "https://bitbucket.org/libgit2/testgitrepository.git" -- remote = self.repo.create_remote("bb", url) -- remote.fetch(callbacks=callbacks) -- - if __name__ == '__main__': - unittest.main() ++@unittest.skipIf(True, "network tests are not supported in Guix") + class CredentialCallback(utils.RepoTestCase): + def test_callback(self): + class MyCallbacks(pygit2.RemoteCallbacks): +@@ -92,6 +93,7 @@ class CredentialCallback(utils.RepoTestCase): + remote = self.repo.create_remote("github", url) + self.assertRaises(TypeError, lambda: remote.fetch(callbacks=MyCallbacks())) + ++@unittest.skipIf(True, "network tests are not supported in Guix") + class CallableCredentialTest(utils.RepoTestCase): + + def test_user_pass(self): diff --git a/test/test_repository.py b/test/test_repository.py -index cfdf01e..c0d8de4 100644 --- a/test/test_repository.py +++ b/test/test_repository.py -@@ -538,13 +538,6 @@ class CloneRepositoryTest(utils.NoRepoTestCase): +@@ -573,6 +573,7 @@ class CloneRepositoryTest(utils.NoRepoTestCase): self.assertTrue('refs/remotes/custom_remote/master' in repo.listall_references()) self.assertIsNotNone(repo.remotes["custom_remote"]) -- def test_clone_with_credentials(self): -- repo = clone_repository( -- "https://bitbucket.org/libgit2/testgitrepository.git", -- self._temp_dir, callbacks=pygit2.RemoteCallbacks(credentials=pygit2.UserPass("libgit2", "libgit2"))) -- -- self.assertFalse(repo.is_empty) -- - def test_clone_with_checkout_branch(self): - # create a test case which isolates the remote - test_repo = clone_repository('./test/data/testrepo.git', ++ @unittest.skipIf(True, "network tests are not supported in Guix") + def test_clone_with_credentials(self): + repo = clone_repository( + "https://bitbucket.org/libgit2/testgitrepository.git", +diff --git a/test/test_submodule.py b/test/test_submodule.py +--- a/test/test_submodule.py ++++ b/test/test_submodule.py +@@ -42,6 +42,7 @@ SUBM_PATH = 'submodule' + SUBM_URL = 'https://github.com/libgit2/pygit2' + SUBM_HEAD_SHA = '819cbff552e46ac4b8d10925cc422a30aa04e78e' + ++@unittest.skipIf(True, "network tests are not supported in Guix") + class SubmoduleTest(utils.SubmoduleRepoTestCase): + + def test_lookup_submodule(self): diff --git a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch deleted file mode 100644 index 06b2f4fe03..0000000000 --- a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch +++ /dev/null @@ -1,36 +0,0 @@ -Resolves a test failure on 32-bit platforms. - -https://github.com/pyca/pyopenssl/issues/657 - -Patch copied from upstream source repository: - -https://github.com/pyca/pyopenssl/commit/ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 - -From ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 Mon Sep 17 00:00:00 2001 -From: Alex Gaynor <alex.gaynor@gmail.com> -Date: Thu, 6 Jul 2017 22:14:44 -0400 -Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation - requests - ---- - tests/test_rand.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tests/test_rand.py b/tests/test_rand.py -index bdd3af08..6adf72a1 100644 ---- a/tests/test_rand.py -+++ b/tests/test_rand.py -@@ -32,10 +32,10 @@ def test_bytes_wrong_args(self, args): - - def test_insufficient_memory(self): - """ -- `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested -- than will fit in memory. -+ `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more -+ bytes are requested than will fit in memory. - """ -- with pytest.raises(MemoryError): -+ with pytest.raises((MemoryError, OverflowError)): - rand.bytes(sys.maxsize) - - def test_bytes(self): diff --git a/gnu/packages/patches/qemu-CVE-2017-10664.patch b/gnu/packages/patches/qemu-CVE-2017-10664.patch new file mode 100644 index 0000000000..2b60de3dca --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-10664.patch @@ -0,0 +1,27 @@ +Fix CVE-2017-10664: + +https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html +https://bugzilla.redhat.com/show_bug.cgi?id=1466190 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664 +https://security-tracker.debian.org/tracker/CVE-2017-10664 + +Patch copied from upstream source repository: + +https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1 + +diff --git a/qemu-nbd.c b/qemu-nbd.c +index 9464a0461c..4dd3fd4732 100644 +--- a/qemu-nbd.c ++++ b/qemu-nbd.c +@@ -581,6 +581,10 @@ int main(int argc, char **argv) + sa_sigterm.sa_handler = termsig_handler; + sigaction(SIGTERM, &sa_sigterm, NULL); + ++#ifdef CONFIG_POSIX ++ signal(SIGPIPE, SIG_IGN); ++#endif ++ + module_call_init(MODULE_INIT_TRACE); + qcrypto_init(&error_fatal); + + diff --git a/gnu/packages/patches/qemu-CVE-2017-10806.patch b/gnu/packages/patches/qemu-CVE-2017-10806.patch new file mode 100644 index 0000000000..ebf782fe7b --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-10806.patch @@ -0,0 +1,38 @@ +Fix CVE-2017-10806: + +https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html +https://bugzilla.redhat.com/show_bug.cgi?id=1468496 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806 +https://security-tracker.debian.org/tracker/CVE-2017-10806 + +Patch copied from upstream source repository: + +https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index b001a27f05..ad5ef783a6 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg) + static void usbredir_log_data(USBRedirDevice *dev, const char *desc, + const uint8_t *data, int len) + { +- int i, j, n; +- + if (dev->debug < usbredirparser_debug_data) { + return; + } +- +- for (i = 0; i < len; i += j) { +- char buf[128]; +- +- n = sprintf(buf, "%s", desc); +- for (j = 0; j < 8 && i + j < len; j++) { +- n += sprintf(buf + n, " %02X", data[i + j]); +- } +- error_report("%s", buf); +- } ++ qemu_hexdump((char *)data, stderr, desc, len); + } + + /* diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch new file mode 100644 index 0000000000..1dcb860a2d --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch @@ -0,0 +1,106 @@ +Fix CVE-2017-10911: + +https://xenbits.xen.org/xsa/advisory-216.html +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911 +https://security-tracker.debian.org/tracker/CVE-2017-10911 + +Patch copied from Xen Security Advisory: + +https://xenbits.xen.org/xsa/xsa216-qemuu.patch + +--- a/hw/block/xen_blkif.h ++++ b/hw/block/xen_blkif.h +@@ -14,9 +14,6 @@ + struct blkif_common_request { + char dummy; + }; +-struct blkif_common_response { +- char dummy; +-}; + + /* i386 protocol version */ + #pragma pack(push, 4) +@@ -36,13 +33,7 @@ struct blkif_x86_32_request_discard { + blkif_sector_t sector_number; /* start sector idx on disk (r/w only) */ + uint64_t nr_sectors; /* # of contiguous sectors to discard */ + }; +-struct blkif_x86_32_response { +- uint64_t id; /* copied from request */ +- uint8_t operation; /* copied from request */ +- int16_t status; /* BLKIF_RSP_??? */ +-}; + typedef struct blkif_x86_32_request blkif_x86_32_request_t; +-typedef struct blkif_x86_32_response blkif_x86_32_response_t; + #pragma pack(pop) + + /* x86_64 protocol version */ +@@ -62,20 +53,14 @@ struct blkif_x86_64_request_discard { + blkif_sector_t sector_number; /* start sector idx on disk (r/w only) */ + uint64_t nr_sectors; /* # of contiguous sectors to discard */ + }; +-struct blkif_x86_64_response { +- uint64_t __attribute__((__aligned__(8))) id; +- uint8_t operation; /* copied from request */ +- int16_t status; /* BLKIF_RSP_??? */ +-}; + typedef struct blkif_x86_64_request blkif_x86_64_request_t; +-typedef struct blkif_x86_64_response blkif_x86_64_response_t; + + DEFINE_RING_TYPES(blkif_common, struct blkif_common_request, +- struct blkif_common_response); ++ struct blkif_response); + DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request, +- struct blkif_x86_32_response); ++ struct blkif_response QEMU_PACKED); + DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request, +- struct blkif_x86_64_response); ++ struct blkif_response); + + union blkif_back_rings { + blkif_back_ring_t native; +--- a/hw/block/xen_disk.c ++++ b/hw/block/xen_disk.c +@@ -769,31 +769,30 @@ static int blk_send_response_one(struct + struct XenBlkDev *blkdev = ioreq->blkdev; + int send_notify = 0; + int have_requests = 0; +- blkif_response_t resp; +- void *dst; +- +- resp.id = ioreq->req.id; +- resp.operation = ioreq->req.operation; +- resp.status = ioreq->status; ++ blkif_response_t *resp; + + /* Place on the response ring for the relevant domain. */ + switch (blkdev->protocol) { + case BLKIF_PROTOCOL_NATIVE: +- dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt); ++ resp = RING_GET_RESPONSE(&blkdev->rings.native, ++ blkdev->rings.native.rsp_prod_pvt); + break; + case BLKIF_PROTOCOL_X86_32: +- dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part, +- blkdev->rings.x86_32_part.rsp_prod_pvt); ++ resp = RING_GET_RESPONSE(&blkdev->rings.x86_32_part, ++ blkdev->rings.x86_32_part.rsp_prod_pvt); + break; + case BLKIF_PROTOCOL_X86_64: +- dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part, +- blkdev->rings.x86_64_part.rsp_prod_pvt); ++ resp = RING_GET_RESPONSE(&blkdev->rings.x86_64_part, ++ blkdev->rings.x86_64_part.rsp_prod_pvt); + break; + default: +- dst = NULL; + return 0; + } +- memcpy(dst, &resp, sizeof(resp)); ++ ++ resp->id = ioreq->req.id; ++ resp->operation = ioreq->req.operation; ++ resp->status = ioreq->status; ++ + blkdev->rings.common.rsp_prod_pvt++; + + RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify); diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch b/gnu/packages/patches/qemu-CVE-2017-11334.patch new file mode 100644 index 0000000000..cb68c803aa --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-11334.patch @@ -0,0 +1,52 @@ +Fix CVE-2017-11334: + +https://bugzilla.redhat.com/show_bug.cgi?id=1471638 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334 + +Patch copied from upstream source repository: + +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0 + +From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Wed, 12 Jul 2017 18:08:40 +0530 +Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram + +When accessing guest's ram block during DMA operation, use +'qemu_ram_ptr_length' to get ram block pointer. It ensures +that DMA operation of given length is possible; And avoids +any OOB memory access situations. + +Reported-by: Alex <broscutamaker@gmail.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-Id: <20170712123840.29328-1-ppandit@redhat.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + exec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/exec.c b/exec.c +index a083ff89ad..ad103ce483 100644 +--- a/exec.c ++++ b/exec.c +@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr, + } + } else { + /* RAM case */ +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); + memcpy(ptr, buf, l); + invalidate_and_set_dirty(mr, addr1, l); + } +@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, + } + } else { + /* RAM case */ +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); + memcpy(buf, ptr, l); + } + +-- +2.13.3 + diff --git a/gnu/packages/patches/qemu-CVE-2017-11434.patch b/gnu/packages/patches/qemu-CVE-2017-11434.patch new file mode 100644 index 0000000000..4da701a73d --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-11434.patch @@ -0,0 +1,25 @@ +Fix CVE-2017-11434: + +https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html +https://bugzilla.redhat.com/show_bug.cgi?id=1472611 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434 +https://security-tracker.debian.org/tracker/CVE-2017-11434 + +Patch copied from upstream source repository: + +https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0 + +diff --git a/slirp/bootp.c b/slirp/bootp.c +index 5a4646c182..5dd1a415b5 100644 +--- a/slirp/bootp.c ++++ b/slirp/bootp.c +@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, + if (p >= p_end) + break; + len = *p++; ++ if (p + len > p_end) { ++ break; ++ } + DPRINTF("dhcp: tag=%d len=%d\n", tag, len); + + switch(tag) { diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch new file mode 100644 index 0000000000..e40a14b4e0 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-12809.patch @@ -0,0 +1,38 @@ +http://openwall.com/lists/oss-security/2017/08/21/2 +https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html + +The block backend changed in a way that flushing empty CDROM drives now +crashes. Amend IDE to avoid doing so until the root problem can be +addressed for 2.11. + +Original patch by John Snow <address@hidden>. + +Reported-by: Kieron Shorrock <address@hidden> +Signed-off-by: Stefan Hajnoczi <address@hidden> +--- + hw/ide/core.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index 0b48b64d3a..bea39536b0 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s) + s->status |= BUSY_STAT; + ide_set_retry(s); + block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); +- s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); ++ ++ if (blk_bs(s->blk)) { ++ s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); ++ } else { ++ /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this ++ * temporary workaround when blk_aio_*() functions handle NULL blk_bs. ++ */ ++ ide_flush_cb(s, 0); ++ } + } + + static void ide_cfata_metadata_inquiry(IDEState *s) +-- +2.13.3 diff --git a/gnu/packages/patches/quassel-fix-tls-check.patch b/gnu/packages/patches/quassel-fix-tls-check.patch new file mode 100644 index 0000000000..057bc02a14 --- /dev/null +++ b/gnu/packages/patches/quassel-fix-tls-check.patch @@ -0,0 +1,25 @@ +This allows quasselclient to connect to SSL-enabled quasselcore instances. + +The check in qglobal.h requires -fPIC (not -fPIE as it is now). When this check +fails SSL / TLS is disabled. + +This patch comes from the upstream source repository [0] and can be +removed when the next version is packaged. + +[0] https://github.com/quassel/quassel/commit/4768c9e99f99b581d4e32e797db91d0182391696 + +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -428,6 +428,11 @@ endif() + cmake_push_check_state(RESET) + set(CMAKE_REQUIRED_INCLUDES ${QT_INCLUDES} ${Qt5Core_INCLUDE_DIRS}) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Core_EXECUTABLE_COMPILE_FLAGS}") ++ ++if (USE_QT5 AND Qt5_POSITION_INDEPENDENT_CODE) ++ set(CMAKE_REQUIRED_FLAGS "-fPIC -DQT_NO_VERSION_TAGGING") ++endif() ++ + check_cxx_source_compiles(" + #include \"qglobal.h\" + #if defined QT_NO_SSL + diff --git a/gnu/packages/patches/rpm-CVE-2014-8118.patch b/gnu/packages/patches/rpm-CVE-2014-8118.patch deleted file mode 100644 index 5fdb0f0eb2..0000000000 --- a/gnu/packages/patches/rpm-CVE-2014-8118.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code -execution via crafted CPIO header). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118 - -Source: -https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff - -Adopted by Debian: -http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch - -diff --git a/lib/cpio.c b/lib/cpio.c -index 253ff0f..600633a 100644 ---- a/lib/cpio.c -+++ b/lib/cpio.c -@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx) - - GET_NUM_FIELD(hdr.filesize, fsize); - GET_NUM_FIELD(hdr.namesize, nameSize); -+ if (nameSize <= 0 || nameSize > 4096) { -+ return RPMERR_BAD_HEADER; -+ } - - char name[nameSize + 1]; - read = Fread(name, nameSize, 1, cpio->fd); diff --git a/gnu/packages/patches/ruby-puma-ignore-broken-test.patch b/gnu/packages/patches/ruby-puma-ignore-broken-test.patch deleted file mode 100644 index 8961ffa4ca..0000000000 --- a/gnu/packages/patches/ruby-puma-ignore-broken-test.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/test/test_cli.rb b/test/test_cli.rb -index 9c515c6..6bd439f 100644 ---- a/test/test_cli.rb -+++ b/test/test_cli.rb -@@ -88,7 +88,7 @@ class TestCLI < Test::Unit::TestCase - s << "GET /stats HTTP/1.0\r\n\r\n" - body = s.read - -- assert_match(/\{ "workers": 2, "phase": 0, "booted_workers": 0, "old_workers": 0, "worker_status": \[\{ "pid": \d+, "index": 0, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \},\{ "pid": \d+, "index": 1, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \}\] \}/, body.split("\r\n").last) -+ #assert_match(/\{ "workers": 2, "phase": 0, "booted_workers": 0, "old_workers": 0, "worker_status": \[\{ "pid": \d+, "index": 0, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \},\{ "pid": \d+, "index": 1, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \}\] \}/, body.split("\r\n").last) - - # wait until the first status ping has come through - sleep 6 diff --git a/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch new file mode 100644 index 0000000000..3db42feac9 --- /dev/null +++ b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch @@ -0,0 +1,32 @@ +Fix building of Shishi with libgcrypt 1.6 and later. + +Patch copied from Debian: + +https://anonscm.debian.org/cgit/collab-maint/shishi.git/tree/debian/patches/fix_gcrypt_detection.diff?id=948301ae648a542a408da250755aeed58a6e3542 + +Description: Fix autoconf gnutls detection to also accept gcrypt 1.6. +Author: Andreas Metzler <ametzler@debian.org> +Bug-Debian: http://bugs.debian.org/753150 +Origin: vendor +Forwarded: no +Last-Update: 2014-07-18 + +--- shishi-1.0.2.orig/gl/m4/gc.m4 ++++ shishi-1.0.2/gl/m4/gc.m4 +@@ -12,10 +12,12 @@ AC_DEFUN([gl_GC], + if test "$libgcrypt" != no; then + AC_LIB_HAVE_LINKFLAGS([gcrypt], [gpg-error], [ + #include <gcrypt.h> +-/* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c +- will fail on startup if we don't have 1.4.4 or later, so +- test for it early. */ +-#if !defined GCRY_MODULE_ID_USER ++/* gc-libgcrypt.c will fail on startup if we don't have libgcrypt 1.4.4 or ++ later, test for it early. by checking for either ++ - GCRY_MODULE_ID_USER which was added in 1.4.4 and dropped in 1.6 or ++ - GCRYPT_VERSION_NUMBER which was added in 1.6. ++ */ ++#if !defined GCRY_MODULE_ID_USER && !defined GCRYPT_VERSION_NUMBER + error too old libgcrypt + #endif + ]) diff --git a/gnu/packages/patches/sooperlooper-build-with-wx-30.patch b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch new file mode 100644 index 0000000000..43f4b9be69 --- /dev/null +++ b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch @@ -0,0 +1,179 @@ +Downloaded from https://anonscm.debian.org/cgit/pkg-multimedia/sooperlooper.git/plain/debian/patches/04-build_with_wx_30.patch -O gnu/packages/patches/sooperlooper-build-with-wx-30.patch + +Author: Jaromír Mikeš <mira.mikes@seznam.cz>, Olly Betts <olly@survex.com> +Description: build against wx 3.0. +Forwarded: yes + +Index: sooperlooper/src/gui/main_panel.cpp +=================================================================== +--- sooperlooper.orig/src/gui/main_panel.cpp ++++ sooperlooper/src/gui/main_panel.cpp +@@ -448,7 +448,7 @@ MainPanel::init_loopers (int count) + while (count < (int)_looper_panels.size()) { + looperpan = _looper_panels.back(); + _looper_panels.pop_back(); +- _main_sizer->Remove(looperpan); ++ _main_sizer->Detach(looperpan); + looperpan->Destroy(); + } + } +@@ -1277,7 +1277,7 @@ void MainPanel::misc_action (bool releas + } + + +- wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT); ++ wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT); + + if ( !filename.empty() ) + { +@@ -1296,7 +1296,7 @@ void MainPanel::misc_action (bool releas + index = 0; + } + +- wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR); + + if ( !filename.empty() ) + { +@@ -1408,7 +1408,7 @@ void MainPanel::set_curr_loop (int index + + void MainPanel::do_load_session () + { +- wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR); + + if ( !filename.empty() ) + { +@@ -1419,7 +1419,7 @@ void MainPanel::do_load_session () + + void MainPanel::do_save_session (bool write_audio) + { +- wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT); ++ wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT); + + if ( !filename.empty() ) + { +Index: sooperlooper/src/gui/pix_button.cpp +=================================================================== +--- sooperlooper.orig/src/gui/pix_button.cpp ++++ sooperlooper/src/gui/pix_button.cpp +@@ -250,7 +250,7 @@ PixButton::OnMouseEvents (wxMouseEvent & + pt.x += bounds.x; + pt.y += bounds.y; + +- if (bounds.Inside(pt)) { ++ if (bounds.Contains(pt)) { + clicked (get_mouse_button(ev)); // emit + + if (ev.MiddleUp() && ev.ControlDown()) { +Index: sooperlooper/src/gui/looper_panel.cpp +=================================================================== +--- sooperlooper.orig/src/gui/looper_panel.cpp ++++ sooperlooper/src/gui/looper_panel.cpp +@@ -1428,7 +1428,7 @@ LooperPanel::clicked_events (int button, + if (cmd == wxT("save")) + { + wxString filename = _mainpanel->do_file_selector (wxT("Choose file to save loop"), +- wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT); ++ wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT); + + if ( !filename.empty() ) + { +@@ -1442,7 +1442,7 @@ LooperPanel::clicked_events (int button, + } + else if (cmd == wxT("load")) + { +- wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxFD_OPEN|wxFD_CHANGE_DIR); + + if ( !filename.empty() ) + { +Index: sooperlooper/src/gui/keyboard_target.cpp +=================================================================== +--- sooperlooper.orig/src/gui/keyboard_target.cpp ++++ sooperlooper/src/gui/keyboard_target.cpp +@@ -553,10 +553,10 @@ KeyboardTarget::keycode_from_name (const + keycode = WXK_RETURN; + } + else if ( keyname == wxT("PGUP") ) { +- keycode = WXK_PRIOR; ++ keycode = WXK_PAGEUP; + } + else if ( keyname == wxT("PGDN") ) { +- keycode = WXK_NEXT; ++ keycode = WXK_PAGEDOWN; + } + else if ( keyname == wxT("LEFT") ) { + keycode = WXK_LEFT; +@@ -630,10 +630,10 @@ wxString KeyboardTarget::name_from_keyco + case WXK_RETURN: + text += wxT("return"); + break; +- case WXK_PRIOR: ++ case WXK_PAGEUP: + text += wxT("pageup"); + break; +- case WXK_NEXT: ++ case WXK_PAGEDOWN: + text += wxT("pagedown"); + break; + case WXK_LEFT: +Index: sooperlooper/src/gui/check_box.cpp +=================================================================== +--- sooperlooper.orig/src/gui/check_box.cpp ++++ sooperlooper/src/gui/check_box.cpp +@@ -237,7 +237,7 @@ CheckBox::OnMouseEvents (wxMouseEvent &e + } + else if (ev.LeftUp()) + { +- if (bounds.Inside(ev.GetPosition())) { ++ if (bounds.Contains(ev.GetPosition())) { + // toggle value + _value = !_value; + +Index: sooperlooper/src/gui/midi_bind_panel.cpp +=================================================================== +--- sooperlooper.orig/src/gui/midi_bind_panel.cpp ++++ sooperlooper/src/gui/midi_bind_panel.cpp +@@ -880,7 +880,7 @@ void MidiBindPanel::on_button (wxCommand + } + else if (ev.GetId() == ID_LoadButton) + { +- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR); + if ( !filename.empty() ) + { + _parent->get_loop_control().load_midi_bindings(filename, _append_check->GetValue()); +@@ -888,7 +888,7 @@ void MidiBindPanel::on_button (wxCommand + } + else if (ev.GetId() == ID_SaveButton) + { +- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT); ++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT); + + if ( !filename.empty() ) + { +Index: sooperlooper/src/gui/config_panel.cpp +=================================================================== +--- sooperlooper.orig/src/gui/config_panel.cpp ++++ sooperlooper/src/gui/config_panel.cpp +@@ -378,7 +378,7 @@ void ConfigPanel::on_button (wxCommandEv + else if (ev.GetId() == ID_MidiBrowseButton) { + + _parent->get_keyboard().set_enabled(false); +- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR); + _parent->get_keyboard().set_enabled(true); + + if ( !filename.empty() ) +@@ -389,8 +389,8 @@ void ConfigPanel::on_button (wxCommandEv + else if (ev.GetId() == ID_SessionBrowseButton) { + + _parent->get_keyboard().set_enabled(false); +- wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR); +- //wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR); ++ //wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR); + _parent->get_keyboard().set_enabled(true); + + if ( !filename.empty() ) diff --git a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch new file mode 100644 index 0000000000..db3c56861b --- /dev/null +++ b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch @@ -0,0 +1,42 @@ +https://github.com/supertuxkart/stk-code/commit/5e05f1178ce6bc5f3a653b55ab3dc6d016196341.patch + +From 5e05f1178ce6bc5f3a653b55ab3dc6d016196341 Mon Sep 17 00:00:00 2001 +From: Deve <deveee@gmail.com> +Date: Mon, 3 Oct 2016 23:26:09 +0200 +Subject: [PATCH] Fixed compiler error on Linux with non-x86 64bit platforms, + e.g. arm64, mips, and s390x architectures + +This modification is already applied in upstream angelscript repository: +https://sourceforge.net/p/angelscript/code/2353/ + +Thanks to Adrian Bunk and Andreas Jonsson +--- + lib/angelscript/projects/cmake/CMakeLists.txt | 1 + + lib/angelscript/source/as_config.h | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/angelscript/projects/cmake/CMakeLists.txt b/lib/angelscript/projects/cmake/CMakeLists.txt +index e93971315e..755d8378c3 100644 +--- a/lib/angelscript/projects/cmake/CMakeLists.txt ++++ b/lib/angelscript/projects/cmake/CMakeLists.txt +@@ -67,6 +67,7 @@ set(ANGELSCRIPT_SOURCE + ../../source/as_builder.cpp + ../../source/as_bytecode.cpp + ../../source/as_callfunc.cpp ++ ../../source/as_callfunc_mips.cpp + ../../source/as_callfunc_x86.cpp + ../../source/as_callfunc_x64_gcc.cpp + ../../source/as_callfunc_x64_msvc.cpp +diff --git a/lib/angelscript/source/as_config.h b/lib/angelscript/source/as_config.h +index cb05bffbd5..5bb5b8e800 100644 +--- a/lib/angelscript/source/as_config.h ++++ b/lib/angelscript/source/as_config.h +@@ -844,7 +844,7 @@ + #define THISCALL_PASS_OBJECT_POINTER_ON_THE_STACK + #define AS_X86 + #undef AS_NO_THISCALL_FUNCTOR_METHOD +- #elif defined(__LP64__) && !defined(__arm64__) ++ #elif defined(__x86_64__) + #define AS_X64_GCC + #undef AS_NO_THISCALL_FUNCTOR_METHOD + #define HAS_128_BIT_PRIMITIVES diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch deleted file mode 100644 index 3a9ae993f6..0000000000 --- a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch +++ /dev/null @@ -1,18 +0,0 @@ -Fix CVE-2016-10243: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243 - -Patch adapted from upstream commit: - -https://www.tug.org/svn/texlive?view=revision&revision=42605 - ---- trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:10:33 42604 -+++ trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:27:53 42605 -@@ -568,7 +568,6 @@ extractbb,\ - gregorio,\ - kpsewhich,\ - makeindex,\ --mpost,\ - repstopdf,\ - - % we'd like to allow: diff --git a/gnu/packages/patches/vinagre-revert-1.patch b/gnu/packages/patches/vinagre-revert-1.patch new file mode 100644 index 0000000000..5a983770b7 --- /dev/null +++ b/gnu/packages/patches/vinagre-revert-1.patch @@ -0,0 +1,56 @@ +Patch taken from Debian: revert changes that prevent building against freerdp +version 1.1 branch. + +From 8ebc0685b85e0d1f70eb00171f2e7712de3d44bd Mon Sep 17 00:00:00 2001 +From: Michael Biebl <biebl@debian.org> +Date: Thu, 22 Sep 2016 01:15:55 +0200 +Subject: [PATCH 1/2] Revert "Improve FreeRDP authentication failure handling" + +This reverts commit d7b4f88943e8615d252d27e1efc58cb64a9e1821. +--- + plugins/rdp/vinagre-rdp-tab.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/plugins/rdp/vinagre-rdp-tab.c b/plugins/rdp/vinagre-rdp-tab.c +index b731f9b..8572bc3 100644 +--- a/plugins/rdp/vinagre-rdp-tab.c ++++ b/plugins/rdp/vinagre-rdp-tab.c +@@ -1195,8 +1195,8 @@ open_freerdp (VinagreRdpTab *rdp_tab) + VinagreTab *tab = VINAGRE_TAB (rdp_tab); + GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); + gboolean success = TRUE; ++ gboolean authentication_error = FALSE; + gboolean cancelled = FALSE; +- guint authentication_errors = 0; + + priv->events = g_queue_new (); + +@@ -1205,12 +1205,14 @@ open_freerdp (VinagreRdpTab *rdp_tab) + + do + { ++ authentication_error = FALSE; ++ + /* Run FreeRDP session */ + success = freerdp_connect (priv->freerdp_session); + if (!success) + { +- authentication_errors += freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 || +- freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c; ++ authentication_error = freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 || ++ freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c; + + cancelled = freerdp_get_last_error (priv->freerdp_session->context) == 0x2000b; + +@@ -1218,7 +1220,7 @@ open_freerdp (VinagreRdpTab *rdp_tab) + init_freerdp (rdp_tab); + } + } +- while (!success && authentication_errors < 3); ++ while (!success && authentication_error); + + if (!success) + { +-- +2.9.3 + diff --git a/gnu/packages/patches/vinagre-revert-2.patch b/gnu/packages/patches/vinagre-revert-2.patch new file mode 100644 index 0000000000..686ee203e4 --- /dev/null +++ b/gnu/packages/patches/vinagre-revert-2.patch @@ -0,0 +1,448 @@ +Patch taken from Debian: revert changes that prevent building against freerdp +version 1.1 branch. + +From bb1828b6b7eb29bb037bcc687cf10f916ddc7561 Mon Sep 17 00:00:00 2001 +From: Michael Biebl <biebl@debian.org> +Date: Thu, 22 Sep 2016 01:18:16 +0200 +Subject: [PATCH 2/2] Revert "Store credentials for RDP" + +This reverts commit 60dea279a24c7f0e398b89a0a60d45e80087ed1d. +--- + plugins/rdp/vinagre-rdp-connection.c | 22 +--- + plugins/rdp/vinagre-rdp-plugin.c | 29 +---- + plugins/rdp/vinagre-rdp-tab.c | 231 +++++++++++++++++------------------ + 3 files changed, 123 insertions(+), 159 deletions(-) + +diff --git a/plugins/rdp/vinagre-rdp-connection.c b/plugins/rdp/vinagre-rdp-connection.c +index f0ff02b..c5f6ed1 100644 +--- a/plugins/rdp/vinagre-rdp-connection.c ++++ b/plugins/rdp/vinagre-rdp-connection.c +@@ -127,25 +127,9 @@ rdp_parse_item (VinagreConnection *conn, xmlNode *root) + static void + rdp_parse_options_widget (VinagreConnection *conn, GtkWidget *widget) + { +- const gchar *text; +- GtkWidget *u_entry, *d_entry, *spin_button, *scaling_button; +- gboolean scaling; +- guint width, height; +- +- d_entry = g_object_get_data (G_OBJECT (widget), "domain_entry"); +- if (!d_entry) +- { +- g_warning ("Wrong widget passed to rdp_parse_options_widget()"); +- return; +- } +- +- text = gtk_entry_get_text (GTK_ENTRY (d_entry)); +- vinagre_cache_prefs_set_string ("rdp-connection", "domain", text); +- +- g_object_set (conn, +- "domain", text != NULL && *text != '\0' ? text : NULL, +- NULL); +- ++ GtkWidget *u_entry, *spin_button, *scaling_button; ++ gboolean scaling; ++ guint width, height; + + u_entry = g_object_get_data (G_OBJECT (widget), "username_entry"); + if (!u_entry) +diff --git a/plugins/rdp/vinagre-rdp-plugin.c b/plugins/rdp/vinagre-rdp-plugin.c +index 4751102..f41da37 100644 +--- a/plugins/rdp/vinagre-rdp-plugin.c ++++ b/plugins/rdp/vinagre-rdp-plugin.c +@@ -100,7 +100,7 @@ vinagre_rdp_plugin_init (VinagreRdpPlugin *plugin) + static GtkWidget * + impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + { +- GtkWidget *grid, *label, *u_entry, *d_entry, *spin_button, *check; ++ GtkWidget *grid, *label, *u_entry, *spin_button, *check; + gchar *str; + gint width, height; + +@@ -146,29 +146,10 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + g_free (str); + + +- label = gtk_label_new_with_mnemonic (_("_Domain:")); +- gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); +- gtk_grid_attach (GTK_GRID (grid), label, 0, 3, 1, 1); +- gtk_widget_set_margin_left (label, 12); +- +- d_entry = gtk_entry_new (); +- /* Translators: This is the tooltip for the domain field in a RDP connection */ +- gtk_widget_set_tooltip_text (d_entry, _("Optional.")); +- g_object_set_data (G_OBJECT (grid), "domain_entry", d_entry); +- gtk_grid_attach (GTK_GRID (grid), d_entry, 1, 3, 1, 1); +- gtk_label_set_mnemonic_widget (GTK_LABEL (label), d_entry); +- str = g_strdup (VINAGRE_IS_CONNECTION (conn) ? +- vinagre_connection_get_domain (conn) : +- vinagre_cache_prefs_get_string ("rdp-connection", "domain", "")); +- gtk_entry_set_text (GTK_ENTRY (d_entry), str); +- gtk_entry_set_activates_default (GTK_ENTRY (d_entry), TRUE); +- g_free (str); +- +- + /* Host width */ + label = gtk_label_new_with_mnemonic (_("_Width:")); + gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); +- gtk_grid_attach (GTK_GRID (grid), label, 0, 4, 1, 1); ++ gtk_grid_attach (GTK_GRID (grid), label, 0, 3, 1, 1); + gtk_widget_set_margin_left (label, 12); + + spin_button = gtk_spin_button_new_with_range (MIN_SIZE, MAX_SIZE, 1); +@@ -176,7 +157,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + gtk_widget_set_tooltip_text (spin_button, _("Set width of the remote desktop")); + gtk_spin_button_set_value (GTK_SPIN_BUTTON (spin_button), DEFAULT_WIDTH); + g_object_set_data (G_OBJECT (grid), "width_spin_button", spin_button); +- gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 4, 1, 1); ++ gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 3, 1, 1); + gtk_label_set_mnemonic_widget (GTK_LABEL (label), spin_button); + width = VINAGRE_IS_CONNECTION (conn) ? + vinagre_connection_get_width (conn) : +@@ -188,7 +169,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + /* Host height */ + label = gtk_label_new_with_mnemonic (_("_Height:")); + gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); +- gtk_grid_attach (GTK_GRID (grid), label, 0, 5, 1, 1); ++ gtk_grid_attach (GTK_GRID (grid), label, 0, 4, 1, 1); + gtk_widget_set_margin_left (label, 12); + + spin_button = gtk_spin_button_new_with_range (MIN_SIZE, MAX_SIZE, 1); +@@ -196,7 +177,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + gtk_widget_set_tooltip_text (spin_button, _("Set height of the remote desktop")); + gtk_spin_button_set_value (GTK_SPIN_BUTTON (spin_button), DEFAULT_HEIGHT); + g_object_set_data (G_OBJECT (grid), "height_spin_button", spin_button); +- gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 5, 1, 1); ++ gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 4, 1, 1); + gtk_label_set_mnemonic_widget (GTK_LABEL (label), spin_button); + height = VINAGRE_IS_CONNECTION (conn) ? + vinagre_connection_get_height (conn) : +diff --git a/plugins/rdp/vinagre-rdp-tab.c b/plugins/rdp/vinagre-rdp-tab.c +index 8572bc3..f3d9c08 100644 +--- a/plugins/rdp/vinagre-rdp-tab.c ++++ b/plugins/rdp/vinagre-rdp-tab.c +@@ -70,8 +70,6 @@ struct _VinagreRdpTabPrivate + gboolean scaling; + double scale; + double offset_x, offset_y; +- +- guint authentication_attempts; + }; + + G_DEFINE_TYPE (VinagreRdpTab, vinagre_rdp_tab, VINAGRE_TYPE_TAB) +@@ -611,7 +609,6 @@ frdp_post_connect (freerdp *instance) + 0, 0, + gdi->width, gdi->height); + +- vinagre_tab_save_credentials_in_keyring (VINAGRE_TAB (rdp_tab)); + vinagre_tab_add_recent_used (VINAGRE_TAB (rdp_tab)); + vinagre_tab_set_state (VINAGRE_TAB (rdp_tab), VINAGRE_TAB_STATE_CONNECTED); + +@@ -862,76 +859,114 @@ frdp_mouse_moved (GtkWidget *widget, + return TRUE; + } + ++static void ++entry_text_changed_cb (GtkEntry *entry, ++ GtkBuilder *builder) ++{ ++ const gchar *text; ++ GtkWidget *widget; ++ gsize username_length; ++ gsize password_length; ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "username_entry")); ++ text = gtk_entry_get_text (GTK_ENTRY (widget)); ++ username_length = strlen (text); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "password_entry")); ++ text = gtk_entry_get_text (GTK_ENTRY (widget)); ++ password_length = strlen (text); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "ok_button")); ++ gtk_widget_set_sensitive (widget, password_length > 0 && username_length > 0); ++} ++ + static gboolean + frdp_authenticate (freerdp *instance, + char **username, + char **password, + char **domain) + { +- VinagreTab *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab); +- VinagreRdpTab *rdp_tab = VINAGRE_RDP_TAB (tab); +- VinagreRdpTabPrivate *priv = rdp_tab->priv; +- VinagreConnection *conn = vinagre_tab_get_conn (tab); +- GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); +- gboolean save_in_keyring = FALSE; +- gchar *keyring_domain = NULL; +- gchar *keyring_username = NULL; +- gchar *keyring_password = NULL; ++ VinagreTab *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab); ++ VinagreConnection *conn = vinagre_tab_get_conn (tab); ++ const gchar *user_name; ++ const gchar *domain_name; ++ GtkBuilder *builder; ++ GtkWidget *dialog; ++ GtkWidget *widget; ++ GtkWidget *username_entry; ++ GtkWidget *password_entry; ++ GtkWidget *domain_entry; ++ gboolean save_credential_check_visible; ++ gboolean domain_label_visible; ++ gboolean domain_entry_visible; ++ gint response; + +- priv->authentication_attempts++; ++ builder = vinagre_utils_get_builder (); + +- if (priv->authentication_attempts == 1) +- { +- vinagre_tab_find_credentials_in_keyring (tab, &keyring_domain, &keyring_username, &keyring_password); +- if (keyring_password != NULL && keyring_username != NULL) +- { +- *domain = keyring_domain; +- *username = keyring_username; +- *password = keyring_password; ++ dialog = GTK_WIDGET (gtk_builder_get_object (builder, "auth_required_dialog")); ++ gtk_window_set_modal ((GtkWindow *) dialog, TRUE); ++ gtk_window_set_transient_for ((GtkWindow *) dialog, GTK_WINDOW (vinagre_tab_get_window (tab))); + +- return TRUE; +- } +- else +- { +- g_free (keyring_domain); +- g_free (keyring_username); +- g_free (keyring_password); +- } ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "host_label")); ++ gtk_label_set_text (GTK_LABEL (widget), vinagre_connection_get_host (conn)); ++ ++ username_entry = GTK_WIDGET (gtk_builder_get_object (builder, "username_entry")); ++ password_entry = GTK_WIDGET (gtk_builder_get_object (builder, "password_entry")); ++ domain_entry = GTK_WIDGET (gtk_builder_get_object (builder, "domain_entry")); ++ ++ if (*username != NULL && *username[0] != '\0') ++ { ++ gtk_entry_set_text (GTK_ENTRY (username_entry), *username); ++ gtk_widget_grab_focus (password_entry); + } + +- if (vinagre_utils_request_credential (window, +- "RDP", +- vinagre_connection_get_host (conn), +- vinagre_connection_get_domain (conn), +- vinagre_connection_get_username (conn), +- TRUE, +- TRUE, +- TRUE, +- 20, +- domain, +- username, +- password, +- &save_in_keyring)) ++ g_signal_connect (username_entry, "changed", G_CALLBACK (entry_text_changed_cb), builder); ++ g_signal_connect (password_entry, "changed", G_CALLBACK (entry_text_changed_cb), builder); ++ ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "save_credential_check")); ++ save_credential_check_visible = gtk_widget_get_visible (widget); ++ gtk_widget_set_visible (widget, FALSE); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "domain_label")); ++ domain_label_visible = gtk_widget_get_visible (widget); ++ gtk_widget_set_visible (widget, TRUE); ++ ++ domain_entry_visible = gtk_widget_get_visible (domain_entry); ++ gtk_widget_set_visible (domain_entry, TRUE); ++ ++ ++ response = gtk_dialog_run (GTK_DIALOG (dialog)); ++ gtk_widget_hide (dialog); ++ ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "save_credential_check")); ++ gtk_widget_set_visible (widget, save_credential_check_visible); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "domain_label")); ++ gtk_widget_set_visible (widget, domain_label_visible); ++ ++ gtk_widget_set_visible (domain_entry, domain_entry_visible); ++ ++ ++ if (response == GTK_RESPONSE_OK) + { +- if (*domain && **domain != '\0') +- vinagre_connection_set_domain (conn, *domain); ++ domain_name = gtk_entry_get_text (GTK_ENTRY (domain_entry)); ++ if (g_strcmp0 (*domain, domain_name) != 0) ++ *domain = g_strdup (domain_name); + +- if (*username && **username != '\0') +- vinagre_connection_set_username (conn, *username); ++ user_name = gtk_entry_get_text (GTK_ENTRY (username_entry)); ++ if (g_strcmp0 (*username, user_name) != 0) ++ *username = g_strdup (user_name); + +- if (*password && **password != '\0') +- vinagre_connection_set_password (conn, *password); ++ *password = g_strdup (gtk_entry_get_text (GTK_ENTRY (password_entry))); + +- vinagre_tab_set_save_credentials (tab, save_in_keyring); ++ return TRUE; + } + else + { +- vinagre_tab_remove_from_notebook (tab); +- + return FALSE; + } +- +- return TRUE; + } + + static BOOL +@@ -1028,25 +1063,30 @@ frdp_changed_certificate_verify (freerdp *instance, + #endif + + static void +-init_freerdp (VinagreRdpTab *rdp_tab) ++open_freerdp (VinagreRdpTab *rdp_tab) + { + VinagreRdpTabPrivate *priv = rdp_tab->priv; +- rdpSettings *settings; + VinagreTab *tab = VINAGRE_TAB (rdp_tab); + VinagreConnection *conn = vinagre_tab_get_conn (tab); +- gboolean scaling; +- gchar *hostname; +- gint width, height; +- gint port; ++ rdpSettings *settings; ++ GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); ++ gboolean success = TRUE; ++ gboolean fullscreen, scaling; ++ gchar *hostname, *username; ++ gint port, width, height; + + g_object_get (conn, + "port", &port, + "host", &hostname, + "width", &width, + "height", &height, ++ "fullscreen", &fullscreen, + "scaling", &scaling, ++ "username", &username, + NULL); + ++ priv->events = g_queue_new (); ++ + /* Setup FreeRDP session */ + priv->freerdp_session = freerdp_new (); + priv->freerdp_session->PreConnect = frdp_pre_connect; +@@ -1111,6 +1151,17 @@ init_freerdp (VinagreRdpTab *rdp_tab) + settings->port = port; + #endif + ++ /* Set username */ ++ username = g_strstrip (username); ++ if (username != NULL && username[0] != '\0') ++ { ++#if HAVE_FREERDP_1_1 ++ settings->Username = g_strdup (username); ++#else ++ settings->username = g_strdup (username); ++#endif ++ } ++ + /* Set keyboard layout */ + #if HAVE_FREERDP_1_1 + freerdp_keyboard_init (KBD_US); +@@ -1120,24 +1171,6 @@ init_freerdp (VinagreRdpTab *rdp_tab) + + /* Allow font smoothing by default */ + settings->AllowFontSmoothing = TRUE; +-} +- +-static void +-init_display (VinagreRdpTab *rdp_tab) +-{ +- VinagreRdpTabPrivate *priv = rdp_tab->priv; +- VinagreTab *tab = VINAGRE_TAB (rdp_tab); +- VinagreConnection *conn = vinagre_tab_get_conn (tab); +- GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); +- gboolean fullscreen, scaling; +- gint width, height; +- +- g_object_get (conn, +- "width", &width, +- "height", &height, +- "fullscreen", &fullscreen, +- "scaling", &scaling, +- NULL); + + /* Setup display for FreeRDP session */ + priv->display = gtk_drawing_area_new (); +@@ -1186,54 +1219,20 @@ init_display (VinagreRdpTab *rdp_tab) + priv->key_release_handler_id = g_signal_connect (GTK_WIDGET (tab), "key-release-event", + G_CALLBACK (frdp_key_pressed), + rdp_tab); +-} +- +-static void +-open_freerdp (VinagreRdpTab *rdp_tab) +-{ +- VinagreRdpTabPrivate *priv = rdp_tab->priv; +- VinagreTab *tab = VINAGRE_TAB (rdp_tab); +- GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); +- gboolean success = TRUE; +- gboolean authentication_error = FALSE; +- gboolean cancelled = FALSE; +- +- priv->events = g_queue_new (); +- +- init_freerdp (rdp_tab); +- init_display (rdp_tab); +- +- do +- { +- authentication_error = FALSE; + +- /* Run FreeRDP session */ +- success = freerdp_connect (priv->freerdp_session); +- if (!success) +- { +- authentication_error = freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 || +- freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c; +- +- cancelled = freerdp_get_last_error (priv->freerdp_session->context) == 0x2000b; +- +- freerdp_free (priv->freerdp_session); +- init_freerdp (rdp_tab); +- } +- } +- while (!success && authentication_error); ++ /* Run FreeRDP session */ ++ success = freerdp_connect (priv->freerdp_session); + + if (!success) + { + gtk_window_unfullscreen (window); +- if (!cancelled) +- vinagre_utils_show_error_dialog (_("Error connecting to host."), +- NULL, +- window); ++ vinagre_utils_show_error_dialog (_("Error connecting to host."), ++ NULL, ++ window); + g_idle_add ((GSourceFunc) idle_close, rdp_tab); + } + else + { +- priv->authentication_attempts = 0; + priv->update_id = g_idle_add ((GSourceFunc) update, rdp_tab); + } + } +-- +2.9.3 + diff --git a/gnu/packages/patches/wget-perl-5.26.patch b/gnu/packages/patches/wget-perl-5.26.patch new file mode 100644 index 0000000000..ee3a984daa --- /dev/null +++ b/gnu/packages/patches/wget-perl-5.26.patch @@ -0,0 +1,96 @@ +This upstream commit adjusts tests for Perl 5.26. + +commit 7ffe93cabb181f39ad5091c31ab9f61bd940a55f +Author: Anton Yuzhaninov <citrin+github@citrin.ru> +Date: Wed Apr 5 19:06:42 2017 +0300 + + Fix perl warnings in tests + + * tests/FTPServer.pm: Escape '{' in RE to fix warnings + * tests/FTPTest.pm: Likewise + * tests/HTTPServer.pm: Likewise + * tests/HTTPTest.pm: Likewise + * tests/Test-proxied-https-auth-keepalive.px: Likewise + * tests/Test-proxied-https-auth.px: Likewise + Escape '{' in RE to fix warnings: + Unescaped left brace in regex is deprecated, passed through in regex; + marked by <-- HERE in m/{{ <-- HERE port}}/ + +diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm +index a5185d66..cac80942 100644 +--- a/tests/FTPServer.pm ++++ b/tests/FTPServer.pm +@@ -589,7 +589,7 @@ sub new + foreach my $file (keys %{$self->{_input}}) + { + my $ref = \$self->{_input}{$file}{content}; +- $$ref =~ s/{{port}}/$self->sockport/eg; ++ $$ref =~ s/\Q{{port}}/$self->sockport/eg; + } + + return $self; +diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm +index 50385ad0..0a1c768c 100644 +--- a/tests/FTPTest.pm ++++ b/tests/FTPTest.pm +@@ -53,7 +53,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->{_server}->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg; + return $ret; + } + +diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm +index dd8ec043..78609f65 100644 +--- a/tests/HTTPServer.pm ++++ b/tests/HTTPServer.pm +@@ -310,7 +310,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->sockport/eg; + return $ret; + } + +diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm +index 00f079f8..6225c7f1 100644 +--- a/tests/HTTPTest.pm ++++ b/tests/HTTPTest.pm +@@ -47,7 +47,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->{_server}->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg; + return $ret; + } + +diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px +index 049bebec..2a18ccfd 100755 +--- a/tests/Test-proxied-https-auth-keepalive.px ++++ b/tests/Test-proxied-https-auth-keepalive.px +@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" + . " --password=Dodgson -e https_proxy=localhost:{{port}}" + . " --no-check-certificate" + . " https://no.such.domain/needs-auth.txt"; +-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e; ++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e; + + if (defined $srcdir) { + $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl'; +diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px +index ce4e736c..878114e7 100755 +--- a/tests/Test-proxied-https-auth.px ++++ b/tests/Test-proxied-https-auth.px +@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" + . " --password=Dodgson -e https_proxy=localhost:{{port}}" + . " --no-check-certificate" + . " https://no.such.domain/needs-auth.txt"; +-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e; ++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e; + + if (defined $srcdir) { + $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl'; diff --git a/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch b/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch new file mode 100644 index 0000000000..8aeec455d7 --- /dev/null +++ b/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch @@ -0,0 +1,171 @@ +From eee8fd4c489a693344da0bba14cfa54c54610b89 Mon Sep 17 00:00:00 2001 +From: Maarten Lankhorst <maarten.lankhorst@ubuntu.com> +Date: Thu, 9 Mar 2017 13:31:34 +0200 +Subject: [PATCH] Fix build against xorg server 1.17 on certain architectures + +Fixes at least arm64, likely also hppa, m68k, sh4. + +Signed-off-by: Maarten Lankhorst <maarten.lankhorst@ubuntu.com> +--- + src/regsmi.h | 18 ++++++++++++++++++ + src/smi.h | 2 ++ + src/smi_driver.c | 19 +++++++++---------- + src/smilynx_crtc.c | 6 +++--- + src/smilynx_hw.c | 5 ++--- + 5 files changed, 34 insertions(+), 16 deletions(-) + +diff --git a/src/regsmi.h b/src/regsmi.h +index 5dd0320..69205ba 100644 +--- a/src/regsmi.h ++++ b/src/regsmi.h +@@ -64,8 +64,13 @@ VGAIN8_INDEX(SMIPtr pSmi, int indexPort, int dataPort, CARD8 index) + MMIO_OUT8(pSmi->IOBase, indexPort, index); + return(MMIO_IN8(pSmi->IOBase, dataPort)); + } else { ++#ifdef XSERVER_LIBPCIACCESS ++ pci_io_write8(pSmi->io, indexPort, index); ++ return pci_io_read8(pSmi->io, dataPort); ++#else + outb(pSmi->PIOBase + indexPort, index); + return(inb(pSmi->PIOBase + dataPort)); ++#endif + } + } + +@@ -76,8 +81,13 @@ VGAOUT8_INDEX(SMIPtr pSmi, int indexPort, int dataPort, CARD8 index, CARD8 data) + MMIO_OUT8(pSmi->IOBase, indexPort, index); + MMIO_OUT8(pSmi->IOBase, dataPort, data); + } else { ++#ifdef XSERVER_LIBPCIACCESS ++ pci_io_write8(pSmi->io, indexPort, index); ++ pci_io_write8(pSmi->io, dataPort, data); ++#else + outb(pSmi->PIOBase + indexPort, index); + outb(pSmi->PIOBase + dataPort, data); ++#endif + } + } + +@@ -87,7 +97,11 @@ VGAIN8(SMIPtr pSmi, int port) + if (pSmi->IOBase) { + return(MMIO_IN8(pSmi->IOBase, port)); + } else { ++#ifdef XSERVER_LIBPCIACCESS ++ return pci_io_read8(pSmi->io, port); ++#else + return(inb(pSmi->PIOBase + port)); ++#endif + } + } + +@@ -97,7 +111,11 @@ VGAOUT8(SMIPtr pSmi, int port, CARD8 data) + if (pSmi->IOBase) { + MMIO_OUT8(pSmi->IOBase, port, data); + } else { ++#ifdef XSERVER_LIBPCIACCESS ++ pci_io_write8(pSmi->io, port, data); ++#else + outb(pSmi->PIOBase + port, data); ++#endif + } + } + +diff --git a/src/smi.h b/src/smi.h +index 2742c8d..1f20a2d 100644 +--- a/src/smi.h ++++ b/src/smi.h +@@ -171,6 +171,8 @@ typedef struct + pciVideoPtr PciInfo; /* PCI info vars */ + #ifndef XSERVER_LIBPCIACCESS + PCITAG PciTag; ++#else ++ struct pci_io_handle *io; + #endif + int Chipset; /* Chip info, set using PCI + above */ +diff --git a/src/smi_driver.c b/src/smi_driver.c +index 8949cae..6bdf64d 100644 +--- a/src/smi_driver.c ++++ b/src/smi_driver.c +@@ -446,6 +446,9 @@ SMI_PreInit(ScrnInfoPtr pScrn, int flags) + pSmi->PIOBase = hwp->PIOOffset; + #else + pSmi->PIOBase = 0; ++#ifdef XSERVER_LIBPCIACCESS ++ pSmi->io = hwp->io; ++#endif + #endif + + xf86ErrorFVerb(VERBLEV, "\tSMI_PreInit vgaCRIndex=%x, vgaIOBase=%x, " +@@ -2022,16 +2025,14 @@ SMI_EnableMmio(ScrnInfoPtr pScrn) + vgaHWSetStdFuncs(hwp); + + /* Enable linear mode */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18); +- tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA); ++ tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18); + pSmi->SR18Value = tmp; /* PDR#521 */ +- outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x11); ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, tmp | 0x11); + + /* Enable 2D/3D Engine and Video Processor */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x21); +- tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA); ++ tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21); + pSmi->SR21Value = tmp; /* PDR#521 */ +- outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp & ~0x03); ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21, tmp & ~0x03); + } + + LEAVE(); +@@ -2050,12 +2051,10 @@ SMI_DisableMmio(ScrnInfoPtr pScrn) + vgaHWSetStdFuncs(hwp); + + /* Disable 2D/3D Engine and Video Processor */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x21); +- outb(pSmi->PIOBase + VGA_SEQ_DATA, pSmi->SR21Value); /* PDR#521 */ ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21, pSmi->SR21Value); /* PDR#521 */ + + /* Disable linear mode */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18); +- outb(pSmi->PIOBase + VGA_SEQ_DATA, pSmi->SR18Value); /* PDR#521 */ ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, pSmi->SR18Value); /* PDR#521 */ + } + + LEAVE(); +diff --git a/src/smilynx_crtc.c b/src/smilynx_crtc.c +index fb7183c..f4d8b4e 100644 +--- a/src/smilynx_crtc.c ++++ b/src/smilynx_crtc.c +@@ -619,9 +619,9 @@ SMILynx_CrtcModeSet_bios(xf86CrtcPtr crtc, + xf86ExecX86int10(pSmi->pInt10); + + /* Enable linear mode. */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18); +- tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA); +- outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x01); ++ VGAOUT8(pSmi, VGA_SEQ_INDEX, 0x18); ++ tmp = VGAIN8(pSmi, VGA_SEQ_DATA); ++ VGAOUT8(pSmi, VGA_SEQ_DATA, tmp | 0x01); + + /* Enable DPR/VPR registers. */ + tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21); +diff --git a/src/smilynx_hw.c b/src/smilynx_hw.c +index b2ee8a5..40aa5a4 100644 +--- a/src/smilynx_hw.c ++++ b/src/smilynx_hw.c +@@ -365,9 +365,8 @@ SMILynx_WriteMode(ScrnInfoPtr pScrn, vgaRegPtr vgaSavePtr, SMIRegPtr restore) + xf86ExecX86int10(pSmi->pInt10); + + /* Enable linear mode. */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18); +- tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA); +- outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x01); ++ tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18); ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, tmp | 0x01); + + /* Enable DPR/VPR registers. */ + tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21); +-- +2.7.4 + |